Trojaner-Board


creole 15.03.2011 09:09

Unwanted Google redirect
 
Hi,

I'm new here, and this is the first time I've caught something this serious.

I have a problem: Google keeps redirecting me to unwanted pages. I've already tried Malwarebytes, but the problem hasn't been resolved yet.

I'd be grateful for help.

Here is the Malwarebytes output:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6049

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.03.2011 09:19:14
mbam-log-2011-03-15 (09-19-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148313
Laufzeit: 9 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 15.03.2011 11:47

Hello and :hallo:

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

creole 15.03.2011 14:32

So here is the output of yesterday's full-body scan with Malwarebytes:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6049

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 22:14:26
mbam-log-2011-03-14 (22-14-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 266538
Laufzeit: 1 Stunde(n), 32 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EuroGrand Casino (PUP.Casino) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Europa Casino (PUP.Casino) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Casino\eurogrand casino\_setupcasino_e7244b_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\europa casino\_europasetup_6dea85_de.exe (PUP.Casino) -> Quarantined and deleted successfully.

The ODT file will follow.

creole 15.03.2011 14:47

And now the ODT file output:

Code:

OTL logfile created on: 15.03.2011 14:32:53 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,96 Gb Total Space | 272,52 Gb Free Space | 91,46% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe (ecareme)
PRC - C:\Programme\ASUS\ASUS WebStorage\3.0.88.169\AsusWSService.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe (Research In Motion)
PRC - C:\Programme\ASUS\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\2DoorWayTouchSuite\AsusUacSvc.exe ()
PRC - C:\Programme\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Programme\ASUS\TouchHomeKey\TouchHomeKey.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========

Oops, here is the second file:
Code:

OTL Extras logfile created on: 15.03.2011 14:32:53 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,96 Gb Total Space | 272,52 Gb Free Space | 91,46% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack für Windows 7
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{BC508432-7BC6-427F-AD99-556202345B6C}" = Express Gate
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = USB2.0 UVC WebCam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS WebStorage" = ASUS WebStorage
"avast" = avast! Free Antivirus
"AVG" = AVG 2011
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PakkISO_is1" = PakkISO 0.4
"PenWrite_is1" = PenWrite v1.9.20.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Touch Gate_is1" = Touch Gate 1.0.2.2
"TouchAPUninstaller" = 2DoorWay TouchSuite
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EuroGrand Casino" = EuroGrand Casino
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

So, can anything be said yet? How does it look? Could it be taskhost.exe?

cosinus 15.03.2011 16:15

Are there any further logs from Malwarebytes? If so, please post all of the ones visible in Malwarebytes under the "Logdateien" (Logs) tab.

creole 15.03.2011 16:27

There was one more, also with a detection:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6049

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 15:07:08
mbam-log-2011-03-14 (15-07-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148523
Laufzeit: 8 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\messenger.exe (Malware.Gen) -> Quarantined and deleted successfully.

Say, do you happen to study mathematics, because of the trigonometric function?

cosinus 15.03.2011 16:47

The first OTL log is incomplete.

creole 15.03.2011 17:03

Sorry, here is the whole thing again.

Code:

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,96 Gb Total Space | 272,55 Gb Free Space | 91,47% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe (ecareme)
PRC - C:\Programme\ASUS\ASUS WebStorage\3.0.88.169\AsusWSService.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe (Research In Motion)
PRC - C:\Programme\ASUS\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\2DoorWayTouchSuite\AsusUacSvc.exe ()
PRC - C:\Programme\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Programme\ASUS\TouchHomeKey\TouchHomeKey.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AsusUacSvc) -- C:\Programme\ASUS\2DoorWayTouchSuite\AsusUacSvc.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 0F C4 E5 04 D5 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.03.12 18:19:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011.03.12 18:36:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.14 01:09:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.14 01:09:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.13 21:16:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.03.14 02:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2011.03.13 21:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.14 02:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\3or8qltr.default\extensions
[2011.03.14 01:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.12 18:19:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.03.12 18:36:56 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CapsHook] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PenWrite] C:\Program Files\ASUS\PenWrite\PenWrite.exe ()
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TouchHomeKey] C:\Programme\ASUS\TouchHomeKey\TouchHomeKey.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\ShellTrayDll.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.15 08:52:39 | 000,000,000 | ---D | C] -- C:\Programme\uTorrent
[2011.03.14 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2011.03.14 14:57:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.14 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.14 14:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.14 14:57:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.14 14:57:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.14 01:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.03.14 01:09:06 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.03.13 22:18:59 | 000,000,000 | ---D | C] -- C:\Programme\PakkISO
[2011.03.13 21:31:26 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla
[2011.03.13 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Thunderbird
[2011.03.13 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Thunderbird
[2011.03.13 21:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011.03.13 21:16:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2011.03.13 20:44:08 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Outlook-Dateien
[2011.03.13 19:22:28 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2011.03.13 19:18:05 | 000,000,000 | -H-D | C] -- C:\ASUS.000
[2011.03.13 19:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Gate
[2011.03.13 19:17:20 | 000,000,000 | -H-D | C] -- C:\ASUS.SYS
[2011.03.13 17:52:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.13 17:51:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.13 17:51:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.13 17:51:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.13 17:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011.03.13 17:48:25 | 000,000,000 | ---D | C] -- C:\Programme\Glary Utilities
[2011.03.13 17:40:41 | 000,000,000 | -HSD | C] -- C:\aws
[2011.03.13 17:40:38 | 000,000,000 | ---D | C] -- C:\ASUS WebStorage
[2011.03.13 17:40:17 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Asus WebStorage
[2011.03.13 15:38:33 | 000,033,768 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\System32\AsusSender.exe
[2011.03.13 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\fltk.org
[2011.03.13 14:21:11 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Desktop\Arbeitsfläche
[2011.03.13 12:07:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Google
[2011.03.12 18:40:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\OneNote-Notizbücher
[2011.03.12 18:39:14 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\GlarySoft
[2011.03.12 18:39:04 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\AVG10
[2011.03.12 18:37:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.03.12 18:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.03.12 18:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.03.12 18:36:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.03.12 18:36:47 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2011.03.12 18:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.03.12 18:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.03.12 18:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.03.12 18:20:00 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.03.12 18:20:00 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.03.12 18:19:58 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.03.12 18:19:58 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.03.12 18:19:57 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.03.12 18:19:56 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.03.12 18:18:59 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.03.12 18:18:57 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.03.12 18:18:42 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.03.12 18:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.03.12 18:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.03.12 18:15:28 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2011.03.12 18:15:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2011.03.12 18:13:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2011.03.12 18:13:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2011.03.12 18:09:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2011.03.12 18:08:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2011.03.12 18:07:42 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft Help
[2011.03.12 18:07:26 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.03.12 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.03.12 18:07:07 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.03.11 23:36:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\AsusInternetRadio.FE3DA72B022E78FEBEB750602F72A2E5E345080B.1
[2011.03.11 23:27:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Touch Pack für Windows 7
[2011.03.11 23:27:47 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011.03.11 23:27:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011.03.11 23:27:46 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-CHS
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\tr
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\sv
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\pt
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\es
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-CHT
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\sk
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ru
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ro
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\pl
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\no
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\nl
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ko
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ja
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\it
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\hu
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\fr
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\fi
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\en
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\el
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\da
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\cs
[2011.03.11 23:27:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\bg
[2011.03.11 23:27:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Touch Pack for Windows 7
[2011.03.11 23:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2011.03.11 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\IsolatedStorage
[2011.03.11 23:25:56 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011.03.11 23:25:56 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011.03.11 23:25:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011.03.11 23:25:55 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011.03.11 23:25:55 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011.03.11 23:25:55 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.03.11 23:25:55 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_2.dll
[2011.03.11 23:25:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft XNA
[2011.03.11 23:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.11 23:04:03 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.03.11 23:03:32 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.03.11 20:26:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\dwhelper
[2011.03.11 19:53:11 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Apple Computer
[2011.03.11 19:53:11 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Apple Computer
[2011.03.11 19:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.11 19:52:51 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.03.11 19:52:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.03.11 19:51:36 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.11 19:51:34 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.11 19:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.03.10 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\uTorrent
[2011.03.10 14:21:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Blackberry Desktop
[2011.03.10 14:18:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\BlackBerry
[2011.03.10 14:17:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Research In Motion
[2011.03.10 14:17:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Research In Motion
[2011.03.10 14:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2011.03.10 14:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2011.03.10 14:15:46 | 000,000,000 | ---D | C] -- C:\Programme\Research In Motion
[2011.03.10 14:15:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Research In Motion
[2011.03.10 14:14:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\TouchGate2Doorway
[2011.03.10 14:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.03.10 14:12:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2011.03.10 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\WinRAR
[2011.03.10 12:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.10 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.10 12:42:49 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.03.10 12:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2011.03.10 12:08:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliPoint
[2011.03.10 12:08:13 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.03.10 11:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.10 11:57:31 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2011.03.10 11:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.03.10 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Apple
[2011.03.10 11:57:08 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.03.10 11:56:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.10 11:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.03.09 23:18:06 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\BUPDATER-V1_12
[2011.03.09 23:10:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\temp
[2011.03.09 23:09:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\EeeStorageUploader
[2011.03.09 23:07:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ElevatedDiagnostics
[2011.03.09 23:06:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.09 23:06:54 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.03.09 23:06:51 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 23:06:51 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.03.09 23:06:51 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 23:06:50 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.06 03:45:25 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.03.06 00:11:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Intel Corporation
[2011.03.06 00:09:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011.03.06 00:08:59 | 000,000,000 | ---D | C] -- C:\Intel
[2011.03.06 00:08:54 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2011.03.06 00:08:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\AHCI
[2011.03.06 00:03:57 | 000,000,000 | ---D | C] -- C:\Windows\smFile
[2011.03.06 00:03:56 | 002,532,864 | ---- | C] (Silicon Motion Corporation) -- C:\Windows\System32\drivers\SMIexp.sys
[2011.03.06 00:03:56 | 000,937,984 | ---- | C] (SiliconMotion) -- C:\Windows\System32\RemoveSM37X.exe
[2011.03.06 00:03:56 | 000,181,760 | ---- | C] (SMI) -- C:\Windows\System32\drivers\SMIksdrv.sys
[2011.03.06 00:03:56 | 000,000,000 | ---D | C] -- C:\Programme\Azurewave, SMI371L
[2011.03.06 00:02:34 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Camera-V5_58_0_12
[2011.03.06 00:01:52 | 001,006,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2011.03.06 00:01:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011.03.05 23:50:04 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2011.03.05 15:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB
[2011.03.04 12:11:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.03.04 12:11:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.03.04 12:11:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.02.28 15:22:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.02.28 15:20:00 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011.02.28 15:19:21 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.02.28 15:19:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft Games
[2011.02.26 08:09:52 | 000,000,000 | ---D | C] -- C:\Casino
[2011.02.26 07:18:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.02.26 07:18:30 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.02.26 07:18:29 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2011.02.26 07:18:29 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.02.26 07:18:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.02.26 07:18:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011.02.26 07:18:18 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.02.26 07:18:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011.02.26 07:18:16 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.26 07:18:12 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.02.26 07:18:12 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.02.26 07:18:11 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.02.26 07:18:11 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011.02.26 07:18:08 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.02.26 07:18:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.02.26 07:18:02 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.02.26 07:17:55 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011.02.26 07:17:55 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011.02.26 07:17:55 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011.02.26 07:17:52 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.02.26 07:17:50 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.02.26 07:17:50 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.02.26 07:17:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.26 07:17:47 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.26 07:17:38 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.02.26 07:17:36 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.02.26 07:17:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.26 07:17:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.26 07:17:25 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.26 07:17:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.26 07:17:25 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.26 07:17:24 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.26 07:17:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.26 07:17:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.26 07:17:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.26 07:17:18 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.02.26 07:17:18 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.02.26 07:17:18 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.02.26 07:17:17 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011.02.26 07:17:13 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.26 07:17:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.26 07:17:12 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.26 07:17:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.02.26 07:17:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.26 07:17:04 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.26 07:17:04 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.26 07:17:01 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.26 07:17:00 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.26 07:16:59 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.02.26 07:16:59 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.26 07:16:58 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.02.26 07:16:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.26 07:16:58 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.26 07:16:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.26 07:16:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.02.26 07:16:54 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.02.26 07:16:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.02.26 07:16:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.26 07:16:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.26 07:16:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.02.26 07:16:52 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.02.26 07:16:51 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.02.26 07:16:50 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.02.26 07:16:50 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.02.26 07:16:50 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.02.26 07:16:50 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.02.26 07:16:49 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.02.26 07:16:49 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.02.26 07:16:49 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.02.26 07:16:49 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.02.26 07:12:51 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.26 07:12:51 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.25 23:24:12 | 000,000,000 | ---D | C] -- C:\Programme\Elantech
[2011.02.25 23:24:00 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011.02.25 23:23:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\WLAN-NE107H-V2007_1_1002_2009
[2011.02.25 23:22:44 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Touchpad
[2011.02.25 19:35:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\E-Cam
[2011.02.25 18:23:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Asus
[2011.02.25 17:54:44 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\KBFilter-V1_0_0_3
[2011.02.25 17:46:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Downloaded Installations
[2011.02.25 17:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterVideo WinDVD
[2011.02.25 17:41:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InterVideo
[2011.02.25 17:39:41 | 000,000,000 | ---D | C] -- C:\Programme\InterVideo
[2011.02.25 17:39:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Mozilla
[2011.02.25 17:37:42 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\ASUS WebStorage
[2011.02.25 17:36:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011.02.25 17:36:32 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011.02.25 17:36:32 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011.02.25 17:36:32 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011.02.25 17:36:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011.02.25 17:36:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011.02.25 17:36:31 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011.02.25 17:36:31 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011.02.25 17:36:31 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011.02.25 17:36:30 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011.02.25 17:36:30 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011.02.25 17:36:30 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011.02.25 17:36:23 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.02.25 17:36:23 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011.02.25 17:36:23 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011.02.25 17:36:22 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011.02.25 17:36:22 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011.02.25 17:36:21 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011.02.25 17:36:20 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011.02.25 17:36:20 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011.02.25 17:36:19 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011.02.25 17:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E-Cam
[2011.02.25 17:25:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\FontResizer-V1_01_0011
[2011.02.25 17:25:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\E-Cam
[2011.02.25 17:25:00 | 000,000,000 | ---D | C] -- C:\Programme\E-Cam
[2011.02.25 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\EBI
[2011.02.25 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RSMR
[2011.02.25 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EBI
[2011.02.25 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\InstallShield
[2011.02.25 17:23:26 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\ASUSVibe-V1_0_173
[2011.02.25 17:21:40 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.02.25 17:20:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\ECam
[2011.02.25 17:18:06 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\System32\AsIO.dll
[2011.02.25 17:18:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2011.02.25 17:17:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\ASUSUpdt
[2011.02.25 17:16:58 | 000,000,000 | ---D | C] -- C:\Programme\ASUS
[2011.02.25 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\CapsHook
[2011.02.25 17:13:49 | 000,000,000 | ---D | C] -- C:\Programme\EeePC
[2011.02.25 17:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2011.02.25 17:13:48 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2011.02.25 17:12:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\SupHybridEngine
[2011.02.25 17:10:49 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Download Manager
[2011.02.25 17:09:19 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.02.25 17:07:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Macromedia
[2011.02.25 17:07:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Adobe
[2011.02.25 17:07:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011.02.25 16:56:40 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.02.25 16:56:39 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.02.25 16:56:39 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Searches
[2011.02.25 16:56:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Identities
[2011.02.25 16:56:28 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Contacts
[2011.02.25 16:56:15 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\VirtualStore
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Vorlagen
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Verlauf
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Temporary Internet Files
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Startmenü
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\SendTo
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Recent
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Netzwerkumgebung
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Lokale Einstellungen
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Videos
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Musik
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Eigene Dateien
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Bilder
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Druckumgebung
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Cookies
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Anwendungsdaten
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Anwendungsdaten
[2011.02.25 16:56:13 | 000,000,000 | --SD | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Videos
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Saved Games
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Pictures
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Music
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Links
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Favorites
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Downloads
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Documents
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Desktop
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.02.25 16:56:13 | 000,000,000 | -H-D | C] -- C:\Users\Stefan\AppData
[2011.02.25 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Temp
[2011.02.25 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft
[2011.02.25 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.02.25 16:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.02.25 16:39:30 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.02.25 16:39:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.02.25 16:38:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2009.07.21 16:29:40 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.15 09:15:14 | 000,005,120 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.15 08:52:40 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011.03.15 08:49:19 | 000,015,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.15 08:49:19 | 000,015,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.15 08:48:58 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.15 08:48:58 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.15 08:48:58 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.15 08:48:58 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.15 08:43:02 | 000,001,725 | ---- | M] () -- C:\Users\Stefan\Desktop\MySyncFolder.lnk
[2011.03.15 08:42:04 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.03.15 08:42:01 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\klcjpli.job
[2011.03.15 08:41:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.15 08:41:31 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.14 14:57:15 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.13 20:31:39 | 000,001,314 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.13 20:14:22 | 000,007,605 | ---- | M] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2011.03.13 19:22:26 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.03.13 19:18:10 | 000,000,117 | ---- | M] () -- C:\dvmb.lst
[2011.03.13 19:18:10 | 000,000,057 | -H-- | M] () -- C:\splash.idx
[2011.03.13 19:14:52 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011.03.13 11:49:37 | 000,408,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.12 18:19:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.03.11 20:14:28 | 000,096,256 | RHS- | M] () -- C:\Windows\System32\AuthFWGPE.dll
[2011.03.10 14:19:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011.03.10 12:08:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011.03.09 23:17:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.03.09 23:17:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.03.05 23:50:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.03.04 12:06:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.02.25 23:24:00 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011.02.25 18:21:43 | 000,000,040 | -H-- | M] () -- C:\Windows\System32\ivireg.ivr
[2011.02.25 17:54:32 | 003,767,925 | ---- | M] () -- C:\Users\Stefan\Documents\KBFilter-V1_0_0_3.zip
[2011.02.25 17:42:45 | 313,979,198 | ---- | M] () -- C:\Users\Stefan\Documents\EG-1_2_17_25_User.zip
[2011.02.25 17:32:34 | 005,370,929 | ---- | M] () -- C:\Users\Stefan\Documents\ASUSWebStorage2_0_40_1319.zip
[2011.02.25 17:20:50 | 018,177,270 | ---- | M] () -- C:\Users\Stefan\Documents\ASUSVibe-V1_0_173.zip
[2011.02.25 17:20:45 | 016,137,804 | ---- | M] () -- C:\Users\Stefan\Documents\FontResizer-V1_01_0011.zip
[2011.02.25 17:20:39 | 019,713,439 | ---- | M] () -- C:\Users\Stefan\Documents\LiveUpdate_1_22.zip
[2011.02.25 17:19:55 | 024,380,284 | ---- | M] () -- C:\Users\Stefan\Documents\ECam.zip
[2011.02.25 17:16:53 | 006,304,265 | ---- | M] () -- C:\Users\Stefan\Documents\ASUSUpdt.zip
[2011.02.25 17:15:31 | 002,820,016 | ---- | M] () -- C:\Users\Stefan\Documents\CapsHook.zip
[2011.02.25 17:12:15 | 002,984,893 | ---- | M] () -- C:\Users\Stefan\Documents\SupHybridEngine.zip
[2011.02.25 16:43:59 | 000,056,735 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.02.23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.02.23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
 
========== Files Created - No Company Name ==========
 
[2011.03.15 09:15:03 | 000,005,120 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.15 08:52:40 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011.03.14 15:13:55 | 000,001,725 | ---- | C] () -- C:\Users\Stefan\Desktop\MySyncFolder.lnk
[2011.03.14 14:57:15 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.13 20:14:22 | 000,007,605 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2011.03.13 19:22:26 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2011.03.13 17:48:41 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.03.13 15:38:33 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2011.03.13 15:38:33 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2011.03.12 18:40:28 | 000,001,314 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.11 20:14:29 | 000,000,318 | -HS- | C] () -- C:\Windows\tasks\klcjpli.job
[2011.03.11 20:14:28 | 000,096,256 | RHS- | C] () -- C:\Windows\System32\AuthFWGPE.dll
[2011.03.10 14:19:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011.03.10 12:08:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011.03.10 11:57:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.09 23:17:58 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.03.09 23:17:58 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.03.06 00:03:56 | 000,274,432 | ---- | C] () -- C:\Windows\System32\370prop.ax
[2011.03.06 00:03:56 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SM37XCoInst.dll
[2011.03.06 00:03:56 | 000,001,608 | ---- | C] () -- C:\Windows\Sensor.set
[2011.03.05 23:50:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.03.04 12:06:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.02.26 08:20:41 | 000,000,776 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Casino.lnk
[2011.02.26 08:09:56 | 000,000,797 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EuroGrand Casino.lnk
[2011.02.25 18:21:42 | 000,000,040 | -H-- | C] () -- C:\Windows\System32\ivireg.ivr
[2011.02.25 17:54:09 | 003,767,925 | ---- | C] () -- C:\Users\Stefan\Documents\KBFilter-V1_0_0_3.zip
[2011.02.25 17:30:28 | 005,370,929 | ---- | C] () -- C:\Users\Stefan\Documents\ASUSWebStorage2_0_40_1319.zip
[2011.02.25 17:20:07 | 313,979,198 | ---- | C] () -- C:\Users\Stefan\Documents\EG-1_2_17_25_User.zip
[2011.02.25 17:18:07 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2011.02.25 17:18:06 | 000,011,456 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.02.25 17:15:42 | 018,177,270 | ---- | C] () -- C:\Users\Stefan\Documents\ASUSVibe-V1_0_173.zip
[2011.02.25 17:15:16 | 016,137,804 | ---- | C] () -- C:\Users\Stefan\Documents\FontResizer-V1_01_0011.zip
[2011.02.25 17:14:57 | 019,713,439 | ---- | C] () -- C:\Users\Stefan\Documents\LiveUpdate_1_22.zip
[2011.02.25 17:14:41 | 006,304,265 | ---- | C] () -- C:\Users\Stefan\Documents\ASUSUpdt.zip
[2011.02.25 17:14:23 | 002,820,016 | ---- | C] () -- C:\Users\Stefan\Documents\CapsHook.zip
[2011.02.25 17:13:55 | 024,380,284 | ---- | C] () -- C:\Users\Stefan\Documents\ECam.zip
[2011.02.25 17:12:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.02.25 17:12:06 | 002,984,893 | ---- | C] () -- C:\Users\Stefan\Documents\SupHybridEngine.zip
[2011.02.25 16:56:45 | 000,001,413 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.02.25 16:43:45 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.02.25 16:43:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.02.25 16:39:04 | 1602,887,680 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,408,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2007.12.28 08:22:04 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

< End of report >


cosinus 15.03.2011 21:01

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
[2011.03.13 19:22:28 | 000,000,000 | -H-D | C] -- C:\dvmexp
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

creole 15.03.2011 21:53

Hey, so far it worked.

Here is the output:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\ not found.
File D:\.\Bin\ASSETUP.exe not found.
C:\dvmexp\VAECONF folder moved successfully.
C:\dvmexp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 63377252 bytes
->Temporary Internet Files folder emptied: 23301886 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94682364 bytes
->Google Chrome cache emptied: 124478270 bytes
->Flash cache emptied: 60728 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95145 bytes
RecycleBin emptied: 8118915 bytes
 
Total Files Cleaned = 300,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03152011_214535

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Was that it now? Am I, or my computer, cured?

cosinus 16.03.2011 10:04

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

creole 16.03.2011 11:10

Here is the output again:

Code:

ComboFix 11-03-15.02 - Stefan 16.03.2011  10:53:13.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.2038.1188 [GMT 1:00]
ausgeführt von:: c:\users\Stefan\Downloads\cofi.exe.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-16 bis 2011-03-16  ))))))))))))))))))))))))))))))
.
.
2011-03-16 10:02 . 2011-03-16 10:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-03-16 09:32 . 2011-03-16 09:32        --------        d-----w-        c:\program files\CCleaner
2011-03-15 20:45 . 2011-03-15 20:45        --------        d-----w-        C:\_OTL
2011-03-14 13:57 . 2011-03-14 13:57        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-13 21:18 . 2011-03-13 21:24        --------        d-----w-        c:\program files\PakkISO
2011-03-13 20:16 . 2011-03-13 20:16        --------        d-----w-        c:\program files\Mozilla Thunderbird
2011-03-13 18:18 . 2011-03-13 18:21        --------        d-----w-        C:\ASUS.000
2011-03-13 18:17 . 2011-03-13 18:18        --------        d-----w-        C:\ASUS.SYS
2011-03-13 16:52 . 2011-03-13 16:52        --------        d-----w-        c:\program files\Common Files\Java
2011-03-13 16:48 . 2011-03-13 16:48        --------        d-----w-        c:\program files\Glary Utilities
2011-03-13 16:40 . 2011-03-13 16:44        --------        d-----w-        C:\aws
2011-03-13 16:40 . 2011-03-13 16:44        --------        d-----w-        C:\ASUS WebStorage
2011-03-13 14:38 . 2009-09-11 12:25        33768        ----a-w-        c:\windows\system32\AsusSender.exe
2011-03-13 14:38 . 2009-08-18 16:35        219136        ----a-w-        c:\windows\system32\AsusService.exe
2011-03-12 17:37 . 2011-03-12 17:37        --------        d--h--w-        c:\programdata\Common Files
2011-03-12 17:36 . 2011-03-16 09:39        --------        d-----w-        c:\programdata\AVG10
2011-03-12 17:18 . 2011-03-16 09:45        --------        d-----w-        c:\programdata\AVAST Software
2011-03-12 17:18 . 2011-03-12 17:18        --------        d-----w-        c:\program files\AVAST Software
2011-03-12 17:17 . 2011-03-12 17:36        --------        d-----w-        c:\programdata\MFAData
2011-03-12 17:15 . 2011-03-12 17:15        --------        d-----w-        c:\program files\Microsoft Synchronization Services
2011-03-12 17:13 . 2011-03-12 17:13        --------        d-----w-        c:\program files\Microsoft Sync Framework
2011-03-12 17:13 . 2011-03-12 17:13        --------        d-----w-        c:\program files\Microsoft SQL Server Compact Edition
2011-03-12 17:09 . 2011-03-12 17:09        --------        d-----w-        c:\program files\Microsoft Visual Studio 8
2011-03-12 17:08 . 2011-03-12 17:08        --------        d-----w-        c:\program files\Microsoft Analysis Services
2011-03-12 17:07 . 2011-03-12 17:30        --------        d-----w-        c:\programdata\Microsoft Help
2011-03-12 17:07 . 2011-03-12 17:07        --------        d-----r-        C:\MSOCache
2011-03-11 22:26 . 2011-03-11 22:26        --------        d-----w-        c:\programdata\Applications
2011-03-11 22:25 . 2008-05-30 13:19        507400        ----a-w-        c:\windows\system32\XAudio2_1.dll
2011-03-11 22:25 . 2008-05-30 13:17        65032        ----a-w-        c:\windows\system32\XAPOFX1_0.dll
2011-03-11 22:25 . 2008-05-30 13:17        25608        ----a-w-        c:\windows\system32\X3DAudio1_4.dll
2011-03-11 22:25 . 2007-07-19 23:57        267112        ----a-w-        c:\windows\system32\xactengine2_9.dll
2011-03-11 22:25 . 2007-07-19 23:54        18280        ----a-w-        c:\windows\system32\x3daudio1_2.dll
2011-03-11 22:25 . 2007-04-04 17:53        81768        ----a-w-        c:\windows\system32\xinput1_3.dll
2011-03-11 22:25 . 2007-03-12 15:42        3495784        ----a-w-        c:\windows\system32\d3dx9_33.dll
2011-03-11 22:25 . 2011-03-11 22:25        --------        d-----w-        c:\program files\Microsoft XNA
2011-03-11 22:04 . 2011-02-02 20:40        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-11 22:03 . 2011-03-13 16:51        --------        d-----w-        c:\program files\Java
2011-03-11 19:14 . 2011-03-11 19:14        96256        --sha-r-        c:\windows\system32\AuthFWGPE.dll
2011-03-11 18:52 . 2011-03-11 18:52        --------        dc----w-        c:\windows\system32\DRVSTORE
2011-03-11 18:52 . 2009-05-18 12:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-11 18:52 . 2008-04-17 11:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2011-03-11 18:51 . 2011-03-11 18:51        --------        d-----w-        c:\program files\iPod
2011-03-11 18:51 . 2011-03-11 18:52        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-11 18:51 . 2011-03-11 18:52        --------        d-----w-        c:\program files\iTunes
2011-03-11 10:36 . 2011-02-23 08:35        5943120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{88AB1B6C-4988-4719-8664-0F76FBB0A081}\mpengine.dll
2011-03-10 13:16 . 2009-01-09 16:18        27136        ----a-w-        c:\windows\system32\drivers\RimSerial.sys
2011-03-10 13:16 . 2011-03-10 13:16        --------        d-----w-        c:\programdata\Research In Motion
2011-03-10 13:15 . 2011-03-10 13:16        --------        d-----w-        c:\program files\Common Files\Research In Motion
2011-03-10 13:15 . 2011-03-10 13:15        --------        d-----w-        c:\program files\Research In Motion
2011-03-10 13:12 . 2011-03-10 13:12        --------        d-----w-        c:\program files\Common Files\Adobe AIR
2011-03-10 11:08 . 2011-03-10 11:08        --------        d-----w-        c:\program files\Microsoft IntelliPoint
2011-03-10 11:08 . 2011-03-10 11:08        --------        d-----w-        c:\windows\PCHEALTH
2011-03-10 10:58 . 2011-03-10 10:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-10 10:58 . 2011-03-10 10:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-10 10:58 . 2011-03-10 10:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-10 10:58 . 2011-03-10 10:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-10 10:58 . 2011-03-10 10:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-10 10:58 . 2011-03-10 10:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-10 10:58 . 2011-03-10 10:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-03-10 10:57 . 2011-03-11 18:51        --------        d-----w-        c:\programdata\Apple Computer
2011-03-10 10:57 . 2011-03-10 10:58        --------        d-----w-        c:\program files\QuickTime
2011-03-10 10:57 . 2011-03-10 10:57        --------        d-----w-        c:\program files\Apple Software Update
2011-03-10 10:56 . 2011-03-12 11:32        --------        d-----w-        c:\program files\Common Files\Apple
2011-03-10 10:56 . 2011-03-10 10:56        --------        d-----w-        c:\programdata\Apple
2011-03-09 22:06 . 2011-02-19 05:32        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-09 22:06 . 2011-02-19 05:33        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-09 22:06 . 2011-02-19 05:32        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-03-09 22:06 . 2010-12-23 05:28        850432        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 22:06 . 2010-12-23 05:28        642048        ----a-w-        c:\windows\system32\CPFilters.dll
2011-03-09 22:06 . 2010-12-23 05:28        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 22:06 . 2010-12-23 05:24        199680        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 22:06 . 2010-12-18 05:30        2690560        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-09 22:06 . 2010-12-18 05:26        1034240        ----a-w-        c:\windows\system32\mstsc.exe
2011-03-06 02:45 . 2011-03-12 17:13        --------        d-----w-        c:\program files\Microsoft.NET
2011-03-05 23:08 . 2011-03-05 23:08        --------        d-----w-        C:\Intel
2011-03-05 23:08 . 2010-06-08 09:23        435736        ----a-w-        c:\windows\system32\drivers\iaStor.sys
2011-03-05 23:08 . 2011-03-05 23:09        --------        d-----w-        c:\program files\Intel
2011-03-05 23:03 . 2011-03-05 23:03        --------        d-----w-        c:\windows\smFile
2011-03-05 23:03 . 2011-03-05 23:03        --------        d-----w-        c:\program files\Azurewave, SMI371L
2011-03-05 23:03 . 2009-12-25 01:10        937984        ----a-w-        c:\windows\system32\RemoveSM37X.exe
2011-03-05 23:03 . 2009-12-25 01:10        2532864        ----a-w-        c:\windows\system32\drivers\SMIexp.sys
2011-03-05 23:03 . 2009-12-25 01:10        181760        ----a-w-        c:\windows\system32\drivers\SMIksdrv.sys
2011-03-05 23:03 . 2009-12-25 01:10        163840        ----a-w-        c:\windows\system32\SM37XCoInst.dll
2011-03-05 23:03 . 2009-12-25 01:09        274432        ----a-w-        c:\windows\system32\370prop.ax
2011-03-05 23:01 . 2011-03-05 23:01        --------        d-----w-        c:\windows\system32\x64
2011-03-05 23:01 . 2010-10-25 03:20        1006104        ----a-w-        c:\windows\system32\igxpun.exe
2011-03-05 22:50 . 2011-03-05 22:50        --------        d-----w-        c:\program files\Synaptics
2011-03-05 14:12 . 2011-03-12 11:26        --------        d-----w-        c:\windows\system32\SupportAppCB
2011-03-04 11:14 . 2009-09-10 05:52        257024        ----a-w-        c:\windows\system32\msv1_0.dll
2011-03-04 11:11 . 2009-11-25 11:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2011-03-04 11:11 . 2009-11-25 11:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2011-03-04 11:11 . 2009-11-25 11:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2011-03-04 11:11 . 2009-11-25 11:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2011-03-04 11:11 . 2009-11-25 11:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2011-02-28 14:22 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2011-02-28 14:20 . 2010-03-04 04:04        146304        ----a-w-        c:\windows\system32\drivers\usbvideo.sys
2011-02-28 14:20 . 2010-03-04 03:57        190976        ----a-w-        c:\windows\system32\drivers\ks.sys
2011-02-28 14:19 . 2011-02-28 14:19        --------        d-----w-        c:\program files\MSXML 4.0
2011-02-28 14:18 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\system32\wcncsvc.dll
2011-02-26 07:09 . 2011-02-26 07:20        --------        d-----w-        C:\Casino
2011-02-26 06:17 . 2009-09-03 07:04        1320960        ----a-w-        c:\windows\system32\CertEnroll.dll
2011-02-26 06:16 . 2010-11-02 04:35        218624        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-02-26 06:13 . 2010-10-19 08:10        7680        ----a-w-        c:\program files\Internet Explorer\iecompat.dll
2011-02-26 06:13 . 2010-02-27 07:32        221696        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-02-26 06:13 . 2010-02-27 07:32        95744        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-02-26 06:13 . 2010-02-27 07:32        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-26 06:12 . 2011-02-03 05:45        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-26 06:12 . 2010-11-02 04:46        728448        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-02-26 06:12 . 2010-11-02 04:23        107520        ----a-w-        c:\windows\system32\cdd.dll
2011-02-25 22:24 . 2011-02-25 22:24        --------        d-----w-        c:\program files\Elantech
2011-02-25 22:24 . 2011-02-25 22:24        16896        ----a-w-        c:\windows\AsTaskSched.dll
2011-02-25 16:41 . 2011-02-25 16:41        --------        d-----w-        c:\program files\Common Files\InterVideo
2011-02-25 16:39 . 2011-02-25 16:41        --------        d-----w-        c:\program files\InterVideo
2011-02-25 16:25 . 2011-02-25 16:25        --------        d-----w-        c:\program files\E-Cam
2011-02-25 16:24 . 2011-02-25 16:24        --------        d-----w-        c:\programdata\RSMR
2011-02-25 16:24 . 2011-02-25 16:24        --------        d-----w-        c:\programdata\EBI
2011-02-25 16:21 . 2011-03-16 09:39        --------        d-sh--w-        c:\windows\Installer
2011-02-25 16:18 . 2011-02-09 14:03        11832        ----a-w-        c:\windows\system32\drivers\AsUpIO.sys
2011-02-25 16:18 . 2011-02-09 14:03        28672        ----a-w-        c:\windows\system32\AsIO.dll
2011-02-25 16:18 . 2011-02-09 14:03        11456        ----a-w-        c:\windows\system32\drivers\AsIO.sys
2011-02-25 16:18 . 2011-02-25 16:18        --------        d-----w-        c:\program files\Common Files\InstallShield
2011-02-25 16:16 . 2011-03-13 14:37        --------        d-----w-        c:\program files\ASUS
2011-02-25 16:13 . 2011-03-13 14:38        --------        d-----w-        c:\program files\EeePC
2011-02-25 16:13 . 2011-03-13 14:38        --------        d--h--w-        c:\program files\InstallShield Installation Information
2011-02-25 16:09 . 2011-02-02 16:11        222080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 14:55 . 2011-01-07 14:55        40800        ----a-w-        c:\windows\system32\drivers\point32.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"PenWrite"="c:\program files\ASUS\PenWrite\PenWrite.exe" [2010-01-19 543920]
"TouchHomeKey"="c:\program files\asus\TouchHomeKey\TouchHomeKey.exe" [2009-08-12 248496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CapsHook"="AsusSender.exe" [2009-09-11 33768]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe" [2011-03-04 734544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2011-02-09 11832]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\asus\2DoorWayTouchSuite\AsusUacSvc.exe [2009-10-15 28848]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 usbsmi;USB2.0 UVC WebCam ;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-12-25 181760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-03-13 16:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: {4323EB34-1ACD-4F58-9C91-D75AB5193DC3} = 193.189.244.225 193.189.244.206
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-16  11:06:57
ComboFix-quarantined-files.txt  2011-03-16 10:06
.
Vor Suchlauf: 9 Verzeichnis(se), 293.128.077.312 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 293.044.547.584 Bytes frei
.
- - End Of File - - B4CEF4C489B104EE3DFE7A1D1A613DD1

Did anything happen? Maybe I should mention that the program tried to make me believe I had Antivir running, but that isn't true; I even uninstalled both of my antivirus programs specifically for this...

cosinus 16.03.2011 12:03

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

creole 16.03.2011 12:14

Here is the log again, I hope it's the right one:

Code:

2011/03/16 12:12:19.0399 0112        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/16 12:12:20.0085 0112        ================================================================================
2011/03/16 12:12:20.0101 0112        SystemInfo:
2011/03/16 12:12:20.0101 0112       
2011/03/16 12:12:20.0101 0112        OS Version: 6.1.7600 ServicePack: 0.0
2011/03/16 12:12:20.0101 0112        Product type: Workstation
2011/03/16 12:12:20.0101 0112        ComputerName: STEFAN-PC
2011/03/16 12:12:20.0101 0112        UserName: Stefan
2011/03/16 12:12:20.0101 0112        Windows directory: C:\Windows
2011/03/16 12:12:20.0101 0112        System windows directory: C:\Windows
2011/03/16 12:12:20.0101 0112        Processor architecture: Intel x86
2011/03/16 12:12:20.0101 0112        Number of processors: 2
2011/03/16 12:12:20.0101 0112        Page size: 0x1000
2011/03/16 12:12:20.0101 0112        Boot type: Normal boot
2011/03/16 12:12:20.0101 0112        ================================================================================
2011/03/16 12:12:20.0647 0112        Initialize success
2011/03/16 12:12:24.0360 5784        ================================================================================
2011/03/16 12:12:24.0360 5784        Scan started
2011/03/16 12:12:24.0360 5784        Mode: Manual;
2011/03/16 12:12:24.0360 5784        ================================================================================
2011/03/16 12:12:25.0265 5784        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/16 12:12:25.0343 5784        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/16 12:12:25.0389 5784        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/16 12:12:25.0467 5784        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/16 12:12:25.0530 5784        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/16 12:12:25.0561 5784        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/16 12:12:25.0701 5784        AFD            (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/03/16 12:12:25.0764 5784        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/16 12:12:25.0826 5784        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/03/16 12:12:25.0873 5784        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/16 12:12:25.0920 5784        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/03/16 12:12:25.0982 5784        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/16 12:12:26.0029 5784        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/16 12:12:26.0060 5784        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/16 12:12:26.0123 5784        amdsata        (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/16 12:12:26.0169 5784        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/16 12:12:26.0232 5784        amdxata        (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/16 12:12:26.0279 5784        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/03/16 12:12:26.0403 5784        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/03/16 12:12:26.0450 5784        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/16 12:12:26.0528 5784        AsIO            (956c7177dbda0f02436868ad644ccf31) C:\Windows\system32\drivers\AsIO.sys
2011/03/16 12:12:26.0591 5784        AsUpIO          (a9a565c669786c402752f609afdd0dd5) C:\Windows\system32\drivers\AsUpIO.sys
2011/03/16 12:12:26.0684 5784        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/16 12:12:26.0731 5784        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/16 12:12:26.0825 5784        athr            (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2011/03/16 12:12:26.0949 5784        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/03/16 12:12:27.0012 5784        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/16 12:12:27.0074 5784        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/03/16 12:12:27.0246 5784        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/16 12:12:27.0277 5784        bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/16 12:12:27.0339 5784        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/16 12:12:27.0402 5784        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/16 12:12:27.0480 5784        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/03/16 12:12:27.0527 5784        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/16 12:12:27.0589 5784        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/16 12:12:27.0636 5784        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/16 12:12:27.0683 5784        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/03/16 12:12:27.0729 5784        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/16 12:12:27.0776 5784        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/03/16 12:12:27.0823 5784        BTHPORT        (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/03/16 12:12:27.0948 5784        BTHUSB          (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/03/16 12:12:28.0135 5784        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/16 12:12:28.0213 5784        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/16 12:12:28.0275 5784        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/16 12:12:28.0369 5784        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/03/16 12:12:28.0463 5784        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/16 12:12:28.0509 5784        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/16 12:12:28.0572 5784        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/03/16 12:12:28.0619 5784        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/16 12:12:28.0650 5784        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/16 12:12:28.0728 5784        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/16 12:12:28.0853 5784        DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/03/16 12:12:28.0915 5784        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/03/16 12:12:28.0962 5784        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/03/16 12:12:29.0071 5784        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/03/16 12:12:29.0149 5784        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/16 12:12:29.0352 5784        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/03/16 12:12:29.0492 5784        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/16 12:12:29.0539 5784        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/16 12:12:29.0617 5784        ETD            (907c561d5f01133f247e4e2e74e20e30) C:\Windows\system32\DRIVERS\ETD.sys
2011/03/16 12:12:29.0711 5784        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/03/16 12:12:29.0742 5784        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/03/16 12:12:29.0820 5784        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/16 12:12:29.0898 5784        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/03/16 12:12:29.0929 5784        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/03/16 12:12:29.0991 5784        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/16 12:12:30.0054 5784        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/03/16 12:12:30.0116 5784        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/03/16 12:12:30.0179 5784        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/16 12:12:30.0288 5784        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/16 12:12:30.0350 5784        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/16 12:12:30.0397 5784        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/16 12:12:30.0459 5784        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/16 12:12:30.0522 5784        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/03/16 12:12:30.0584 5784        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/16 12:12:30.0631 5784        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/16 12:12:30.0678 5784        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/16 12:12:30.0771 5784        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/16 12:12:30.0849 5784        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/16 12:12:30.0943 5784        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/16 12:12:31.0021 5784        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/03/16 12:12:31.0083 5784        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/16 12:12:31.0130 5784        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/16 12:12:31.0239 5784        iaStor          (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/16 12:12:31.0317 5784        iaStorV        (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/16 12:12:31.0551 5784        igfx            (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/16 12:12:31.0629 5784        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/16 12:12:31.0723 5784        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/16 12:12:31.0770 5784        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/16 12:12:31.0848 5784        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/16 12:12:31.0895 5784        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/16 12:12:31.0957 5784        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/03/16 12:12:32.0019 5784        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/03/16 12:12:32.0066 5784        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/16 12:12:32.0129 5784        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/16 12:12:32.0191 5784        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/16 12:12:32.0253 5784        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/16 12:12:32.0316 5784        kbfiltr        (3eb803312987ff44265c87cb960df6ab) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/03/16 12:12:32.0363 5784        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/16 12:12:32.0441 5784        KSecPkg        (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/16 12:12:32.0503 5784        L1C            (6c32bfeab708915d6bbf4b20d4f3ef7b) C:\Windows\system32\DRIVERS\L1C62x86.sys
2011/03/16 12:12:32.0628 5784        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/16 12:12:32.0706 5784        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/16 12:12:32.0753 5784        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/16 12:12:32.0799 5784        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/16 12:12:32.0846 5784        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/16 12:12:32.0893 5784        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/03/16 12:12:33.0002 5784        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/16 12:12:33.0065 5784        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/16 12:12:33.0158 5784        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/03/16 12:12:33.0221 5784        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/16 12:12:33.0267 5784        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/16 12:12:33.0345 5784        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/16 12:12:33.0392 5784        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/03/16 12:12:33.0455 5784        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/16 12:12:33.0501 5784        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/16 12:12:33.0595 5784        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/16 12:12:33.0657 5784        mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/16 12:12:33.0735 5784        mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/16 12:12:33.0813 5784        mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/16 12:12:33.0860 5784        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/16 12:12:33.0907 5784        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/16 12:12:34.0001 5784        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/03/16 12:12:34.0063 5784        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/16 12:12:34.0094 5784        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/16 12:12:34.0172 5784        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/16 12:12:34.0235 5784        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/16 12:12:34.0281 5784        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/03/16 12:12:34.0328 5784        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/03/16 12:12:34.0391 5784        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/16 12:12:34.0437 5784        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/03/16 12:12:34.0500 5784        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/16 12:12:34.0531 5784        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/03/16 12:12:34.0609 5784        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/16 12:12:34.0671 5784        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/03/16 12:12:34.0734 5784        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/16 12:12:34.0796 5784        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/16 12:12:34.0843 5784        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/16 12:12:34.0874 5784        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/16 12:12:34.0921 5784        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/03/16 12:12:34.0983 5784        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/16 12:12:35.0030 5784        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/16 12:12:35.0139 5784        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/16 12:12:35.0202 5784        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/03/16 12:12:35.0311 5784        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/16 12:12:35.0420 5784        Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/03/16 12:12:35.0467 5784        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/03/16 12:12:35.0514 5784        nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/16 12:12:35.0561 5784        nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/16 12:12:35.0623 5784        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/16 12:12:35.0654 5784        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/16 12:12:35.0779 5784        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/03/16 12:12:35.0810 5784        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/03/16 12:12:35.0857 5784        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/16 12:12:35.0919 5784        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/03/16 12:12:35.0982 5784        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/16 12:12:36.0029 5784        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/16 12:12:36.0075 5784        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/03/16 12:12:36.0138 5784        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/03/16 12:12:36.0387 5784        Point32        (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
2011/03/16 12:12:36.0481 5784        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/16 12:12:36.0528 5784        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/03/16 12:12:36.0621 5784        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/16 12:12:36.0715 5784        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/16 12:12:36.0762 5784        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/16 12:12:36.0840 5784        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/16 12:12:36.0871 5784        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/16 12:12:36.0918 5784        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/16 12:12:43.0735 5784        ================================================================================
2011/03/16 12:12:43.0735 5784        Scan finished
2011/03/16 12:12:43.0735 5784        ================================================================================


cosinus 16.03.2011 12:29

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool needs only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

creole 16.03.2011 15:32

Here is the GMER output:

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-16 15:31:10
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0003
Running: qmr6qywv.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\uxryqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                        81A47589 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  81A6C092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                              Das System kann die angegebene Datei nicht finden. !
?              C:\Users\Stefan\AppData\Local\Temp\catchme.sys                                                                          Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2400] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75A75E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2400] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [75A75E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2400] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [75A75E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2400] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [75A75E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2400] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75A75E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2400] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [75A75E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd61bfc73                                           
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd61bfc73@307c30d56083                                0xEB 0x6F 0xAC 0xE6 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd61bfc73 (not active ControlSet)                       
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd61bfc73@307c30d56083                                    0xEB 0x6F 0xAC 0xE6 ...

---- EOF - GMER 1.0.15 ----

Now OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:43:36 on 16.03.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.15

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GlaryInitialize.job" - "Glarysoft Ltd" - C:\Program Files\Glary Utilities\initialize.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsIO" (AsIO) - ? - C:\Windows\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"AsUpIO" (AsUpIO) - ? - C:\Windows\System32\drivers\AsUpIO.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\Stefan\AppData\Local\Temp\catchme.sys  (File not found)
"mbr" (mbr) - ? - C:\cofi.exe\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"uxryqpob" (uxryqpob) - ? - C:\Users\Stefan\AppData\Local\Temp\uxryqpob.sys  (Hidden registry entry, rootkit activity | File not found)
"ZTE Diagnostic Port" (ZTEusbser6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbser6k.sys  (File not found)
"ZTE Mass Storage Filter Driver" (massfilter) - ? - C:\Windows\System32\drivers\massfilter.sys  (File not found)
"ZTE NMEA Port" (ZTEusbnmea) - ? - C:\Windows\System32\DRIVERS\ZTEusbnmea.sys  (File not found)
"ZTE Proprietary USB Driver" (ZTEusbmdm6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{72923739-5A47-40A3-9895-25AF0DFBB9E4} "Glary Utilities Context Menu Shell Extension" - "Glarysoft Ltd" - C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10m.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ASUSWebStorage" - "ecareme" - C:\Program Files\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe /S
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"CapsHook" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
"HotkeyMon" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
"HotkeyService" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LiveUpdate" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
"PenWrite" - ? - C:\Program Files\ASUS\PenWrite\PenWrite.exe AutoRun
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TouchHomeKey" - ? - C:\Program Files\asus\TouchHomeKey\TouchHomeKey.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Asus Launcher Service" (AsusService) - ? - C:\Windows\System32\AsusService.exe  (File found, but it contains no detailed information)
"Asus process privilege adjust service" (AsusUacSvc) - ? - C:\Program Files\asus\2DoorWayTouchSuite\AsusUacSvc.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And last but not least, MBRCheck:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        ASUSTeK Computer INC.
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                ASUSTeK Computer INC.
System Product Name:                T101MT
Logical Drives Mask:                0x0000000c

Kernel Drivers (total 168):
  0x8C465000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8C467000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8C49B000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8C4A9000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8C4ED000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8C4FE000 \SystemRoot\system32\drivers\HdAudio.sys
  0x8C54E000 \SystemRoot\system32\drivers\portcls.sys
  0x8C57D000 \SystemRoot\system32\drivers\drmk.sys
  0x8C596000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8C5A1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8C5B4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8C5BB000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8C5C6000 \SystemRoot\system32\DRIVERS\MTConfig.sys
  0x8E8D0000 \SystemRoot\System32\win32k.sys
  0x8C5CE000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8C5D8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8C400000 \SystemRoot\system32\DRIVERS\SMIksdrv.sys
  0x80E08000 \SystemRoot\system32\DRIVERS\SMIEXP.SYS
  0x81077000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x81082000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8EB30000 \SystemRoot\System32\TSDDD.dll
  0x8AA26000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x8108F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x8EB60000 \SystemRoot\System32\cdd.dll
  0x810A0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x81122000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x8EB80000 \SystemRoot\System32\ATMFD.DLL
  0x8118B000 \SystemRoot\system32\DRIVERS\point32.sys
  0x81194000 \SystemRoot\system32\drivers\luafv.sys
  0x811AF000 \SystemRoot\system32\drivers\WudfPf.sys
  0x811C9000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA3C28000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA3C6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA3C7E000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA3C9A000 \SystemRoot\system32\drivers\HTTP.sys
  0xA3D1F000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA3D38000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA3D4A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA3D6D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA3DA8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA7423000 \SystemRoot\system32\drivers\peauth.sys
  0xA74BA000 \SystemRoot\system32\drivers\regi.sys
  0xA74BC000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA74C6000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA74E7000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA74F4000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA7543000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA7595000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0xAF475000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xAF47E000 \??\C:\Users\Stefan\AppData\Local\Temp\catchme.sys
  0xAF49F000 \??\C:\Users\Stefan\AppData\Local\Temp\uxryqpob.sys
  0xAF4B7000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0xAF4C9000 \SystemRoot\System32\Drivers\bthport.sys
  0xAF52D000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0xAF551000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0xAF55E000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0xAF579000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0x77A00000 \Windows\System32\ntdll.dll
  0x47F30000 \Windows\System32\smss.exe
  0x77C40000 \Windows\System32\apisetschema.dll
  0x007A0000 \Windows\System32\autochk.exe

Processes (total 68):
      0 System Idle Process
      4 System
    248 C:\Windows\System32\smss.exe
    352 csrss.exe
    396 C:\Windows\System32\wininit.exe
    404 csrss.exe
    452 C:\Windows\System32\services.exe
    488 C:\Windows\System32\winlogon.exe
    508 C:\Windows\System32\lsass.exe
    516 C:\Windows\System32\lsm.exe
    608 C:\Windows\System32\svchost.exe
    692 C:\Windows\System32\svchost.exe
    788 C:\Windows\System32\svchost.exe
    824 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\wisptis.exe
    1168 C:\Windows\System32\svchost.exe
    1348 C:\Windows\System32\wisptis.exe
    1360 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    1400 C:\Windows\System32\dwm.exe
    1568 C:\Windows\System32\spoolsv.exe
    1620 C:\Windows\System32\svchost.exe
    1752 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1760 C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
    1768 C:\Windows\System32\igfxtray.exe
    1780 C:\Windows\System32\hkcmd.exe
    1796 C:\Windows\System32\igfxpers.exe
    1808 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    1844 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    1860 C:\Windows\System32\igfxsrvc.exe
    1876 C:\Program Files\ASUS\TouchHomeKey\TouchHomeKey.exe
    1884 C:\Program Files\iTunes\iTunesHelper.exe
    512 C:\Program Files\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe
    1868 C:\Program Files\ASUS\2DoorWayTouchSuite\AsusUacSvc.exe
    392 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1700 C:\Windows\System32\svchost.exe
    1088 C:\Program Files\ASUS\CapsHook\CapsHook.exe
    2060 C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
    2092 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    2236 C:\Windows\System32\taskhost.exe
    2400 C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
    2468 unsecapp.exe
    2548 C:\Windows\System32\svchost.exe
    2676 C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
    2952 WmiPrvSE.exe
    3040 C:\Program Files\iPod\bin\iPodService.exe
    3304 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3348 C:\Windows\System32\svchost.exe
    3440 C:\Windows\System32\SearchIndexer.exe
    3552 C:\Program Files\ASUS\ASUS WebStorage\3.0.88.169\AsusWSService.exe
    4068 C:\Windows\System32\svchost.exe
    1736 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4196 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    4368 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    324 C:\Windows\explorer.exe
    4076 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    5100 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    4640 WmiPrvSE.exe
    4592 C:\Program Files\Mozilla Firefox\firefox.exe
    3424 C:\Windows\System32\SearchProtocolHost.exe
    5748 C:\Windows\System32\SearchFilterHost.exe
    5436 C:\Windows\explorer.exe
    3488 C:\Windows\System32\audiodg.exe
    6128 dllhost.exe
    3232 dllhost.exe
    4496 C:\Users\Stefan\Downloads\MBRCheck.exe
    2744 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000004a`83900000

PhysicalDrive0 Model Number: ST9320325AS, Rev: 0003SDM1

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


cosinus 16.03.2011 16:12

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

creole 18.03.2011 12:05

So here is Super-Antispyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/18/2011 at 11:53 AM

Application Version : 4.49.1000

Core Rules Database Version : 6620
Trace Rules Database Version: 4432

Scan type      : Quick Scan
Total Scan Time : 00:11:07

Memory items scanned      : 714
Memory threats detected  : 0
Registry items scanned    : 2500
Registry threats detected : 0
File items scanned        : 6760
File threats detected    : 201

Adware.Tracking Cookie
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .apmebf.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .mediaplex.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .doubleclick.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        adx.chip.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .mediaplex.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .zanox-affiliate.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .invitemedia.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .invitemedia.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ad4.adfarm1.adition.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ad2.adfarm1.adition.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tracking.quisma.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tribalfusion.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tribalfusion.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tribalfusion.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tribalfusion.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tribalfusion.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .www.burstnet.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .burstnet.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .content.yieldmanager.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .myroitracking.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .clicksor.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .clicksor.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .zedo.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .zedo.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .advertiseyourgame.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .advertiseyourgame.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .advertiseyourgame.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adbrite.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adbrite.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adbrite.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adbrite.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adbrite.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adbrite.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adbrite.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .atdmt.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .imrworldwide.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .imrworldwide.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .revsci.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .revsci.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tradedoubler.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .collective-media.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .collective-media.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .collective-media.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .collective-media.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .collective-media.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .collective-media.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .revsci.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .revsci.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .revsci.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .revsci.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        tracking.mlsat02.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .webmasterplan.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .zedo.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        www.zanox-affiliate.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        www.active-tracking.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        www.active-tracking.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        www.active-tracking.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .specificclick.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .specificclick.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .specificclick.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .specificclick.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adviva.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        de.sitestat.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .zanox.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .webmasterplan.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .webmasterplan.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .traffictrack.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .smartadserver.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .smartadserver.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        bmmg.panda-media.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .ads.quartermedia.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tradedoubler.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tradedoubler.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tradedoubler.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .ads.quartermedia.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .ads.quartermedia.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .ads.quartermedia.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .atdmt.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .smartadserver.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .smartadserver.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ww251.smartadserver.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .smartadserver.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .content.yieldmanager.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adfarm1.adition.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        adfarm1.adition.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .adfarm1.adition.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .webmasterplan.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .collective-media.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .collective-media.net [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tribalfusion.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        www.burstnet.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .statcounter.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .zedo.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .zedo.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .invitemedia.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .serving-sys.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .serving-sys.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .serving-sys.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .serving-sys.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        ad.zanox.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        adserver2.clipkit.de [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .tracking.quisma.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        statse.webtrendslive.com [ C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
        .doubleclick.net [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .invitemedia.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .invitemedia.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .invitemedia.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .ad.adnet.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.googleadservices.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.googleadservices.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .server.cpmstar.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .server.cpmstar.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .server.cpmstar.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .server.cpmstar.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.googleadservices.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        de.sitestat.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        de.sitestat.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        adx.chip.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        adx.chip.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .serving-sys.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .serving-sys.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        sega.missioncontrol.global-media.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .apmebf.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .mediaplex.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        adx.chip.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ad.zanox.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .zanox.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .traffictrack.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        dc.tremormedia.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .serving-sys.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .serving-sys.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .zanox-affiliate.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .elitepartner.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.elitepartner.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .elitepartner.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .elitepartner.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .elitepartner.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .elitepartner.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .2o7.net [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .im.banner.t-online.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .atdmt.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .atdmt.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .a.revenuemax.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .specificclick.net [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .specificclick.net [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .specificclick.net [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .specificclick.net [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .adviva.net [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .adfarm1.adition.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ad4.adfarm1.adition.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .tracking.quisma.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ad1.adfarm1.adition.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .ad.adnet.de [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .imrworldwide.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .imrworldwide.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        adfarm1.adition.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ad2.adfarm1.adition.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .hansenet.122.2o7.net [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ww251.smartadserver.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .de.at.atwola.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        .content.yieldmanager.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ads.zeusclicks.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        ads.crakmedia.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        www.star-advertising.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        rts.pgmediaserve.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        rts.pgmediaserve.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]
        rts.pgmediaserve.com [ C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\cookies.sqlite ]

and mbam:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6079

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.03.2011 21:40:14
mbam-log-2011-03-16 (21-40-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 270505
Laufzeit: 46 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 18.03.2011 13:15

Looks OK, only cookies were found there.
Any problems or further findings in the meantime?

creole 18.03.2011 13:19

Nope, so far everything is OK. Everything also seems to run more smoothly somehow.

If that was it, then thank you very much in any case.

cosinus 18.03.2011 13:26

Then we're done! :abklatsch:

Finally, please check the updates; my guide to this is below.
For even more security, after the infection has been removed you should also change all your passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

