Trojaner-Board - Trojaner, kritischer Fehler und kein Speichplatz

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trojaner, kritischer Fehler und kein Speichplatz (https://www.trojaner-board.de/99422-trojaner-kritischer-fehler-kein-speichplatz.html)

Trojaner, kritischer Fehler und kein Speichplatz

Hallo,
ich hab mir einen Trojaner eingefangen.
Habe Malewarebytes und Superantispyware durchlaufen lassen ( die ergebnisse unten).
Jetzt hab ich noch folgenden Fehler:
"Catalyst Control Center: Host application funktioniert nicht mehr."
hab dazu das OTL durchlaufen lassen. Beide berichte sind unten.

bis jetzt bin ich nach den schon bestehenden Thema:
"Trojaner, kritischer Fehler auf der Festplatte, Windows findet keinen Speicherplatz "
geganen. Aber nun komm ich nicht weiter. Hab noch einen weisen Bildschirm ohne icons.

Wäre super, wenn mir jemand helfen kann.

Vielen Dank schon mal

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6639

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.05.2011 13:38:45
mbam-log-2011-05-22 (13-38-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 149955
Laufzeit: 9 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\programdata\wvlmhxgdqr.exe (Trojan.FakeMS.Gen) -> 2184 -> Unloaded process successfully.
c:\programdata\44687096.exe (Rogue.WindowsRecoveryConsole) -> 4508 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvLmHXgdqR (Trojan.FakeMS.Gen) -> Value: wvLmHXgdqR -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\wvlmhxgdqr.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\programdata\44687096.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

AntiSpy
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/22/2011 at 01:10 PM

Application Version : 4.52.1000

Core Rules Database Version : 7110
Trace Rules Database Version: 4922

Scan type : Complete Scan
Total Scan Time : 01:55:34

Memory items scanned : 728
Memory threats detected : 1
Registry items scanned : 7593
Registry threats detected : 0
File items scanned : 180447
File threats detected : 65

Adware.Vundo/Variant-MSFake
C:\PROGRAMDATA\42983160.EXE
C:\PROGRAMDATA\42983160.EXE
C:\Windows\Prefetch\42983160.EXE-7ABE5ADA.pf

Adware.Tracking Cookie
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@hlstatsx[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@bs.serving-sys[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ad.yieldmanager[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@webmasterplan[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@content.yieldmanager[3].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@mediaplex[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@sevenoneintermedia.112.2o7[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@tradedoubler[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@fastclick[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@doubleclick[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@tracking.mindshare[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@at.atwola[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@bluestreak[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ad.adc-serv[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@adserver.traffictrack[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@adfarm1.adition[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ad.zanox[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ad.adnet[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@zanox[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@serving-sys[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@imrworldwide[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@www.zanox-affiliate[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@tacoda[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ad2.adfarm1.adition[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ads.creative-serving[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@tracking.quisma[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@advertising[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@zbox.zanox[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@unitymedia[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@tracking.hannoversche[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@apmebf[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@atdmt[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@atwola[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@zanox-affiliate[2].txt
aka-cdn-ns.adtech.de [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
bc.youporn.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
cdn1.image.freeporn.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
cdn1.pics.mofosex.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
cdn1.static1.pornrabbit.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
cdn5.specificclick.net [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
counter.cam-content.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
games.adultswim.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
ia.media-imdb.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
imagesrv.adition.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
imgs.adverticum.net [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
media.mtvnservices.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
media.scanscout.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
media01.gameloft.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
media1.break.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
s0.2mdn.net [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
secure-uk.imrworldwide.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
secure-us.imrworldwide.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
serving-sys.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
static.sunporno.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
www.adserv3.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
www.adservercentral.info [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
www.alphaporno.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
www.naiadsystems.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
www.pornerbros.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
www.pornhub.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
www.pornme.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]
www.secmedia.de [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]

Trojan.Agent/Gen-FakeAntiSpy
C:\USERS\FELIX\APPDATA\LOCAL\TEMP\ADOBE_FLASH_PLAYER.EXE

Hier noch die OTL berichte:OTL Logfile:

Code:

OTL Extras logfile created on: 22.05.2011 13:55:32 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Felix\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 226,76 Gb Total Space | 131,96 Gb Free Space | 58,20% Space Free | Partition Type: NTFS

Drive D: | 226,00 Gb Total Space | 224,35 Gb Free Space | 99,27% Space Free | Partition Type: NTFS

Drive E: | 1,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01ECC3CC-DAD8-4715-A69F-301E51E2140E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{0C948884-6C4E-4D70-A740-B08EC86422FA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{1EEBE49B-82BD-47F5-AF0C-3E5DD690FABA}" = lport=138 | protocol=17 | dir=in | app=system | 

"{278C37A3-B383-46E6-B46F-920B274612FD}" = lport=137 | protocol=17 | dir=in | app=system | 

"{48BE4F19-5DBB-42F7-9840-13AE6E011701}" = lport=445 | protocol=6 | dir=in | app=system | 

"{49957279-DB68-4D19-9686-252C0752458C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{5C57BC1C-44C9-4906-9A07-B091DC207E3E}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 

"{681698B5-7A1A-4B56-8714-F721FC4A61E6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{6CB2137F-2AFB-4646-9DE7-9C5CC66DB423}" = rport=138 | protocol=17 | dir=out | app=system | 

"{7E3165F2-F54F-407F-B4FF-4E5320994964}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher | 

"{8422F98D-3253-4FE7-A8CA-4E32C9D4B7E5}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 

"{8E4F7B1D-F46E-43F7-9521-8CA30B418D17}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher | 

"{A65D2D46-45E6-4AB5-9746-E96694661324}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{AAB0BD41-4208-483B-9BA6-754582D4FB91}" = rport=445 | protocol=6 | dir=out | app=system | 

"{B4D7B22F-EDB2-4E91-BD98-304AC3BBDC41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{C3256DEA-6299-4007-BA4D-4D04E1B1D022}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 

"{CA875650-A696-448E-A305-58C3D7B580B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{DC1F5D32-553D-487E-846E-0A7185272224}" = lport=139 | protocol=6 | dir=in | app=system | 

"{E375AD22-E6E6-4C96-A4F3-59486F569777}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{E38D8D5D-CF3D-40F1-A312-2E53E34D11E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E87A9828-6F7A-4C15-A8B5-68CD99375094}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 

"{F069C67B-5717-4496-BD8F-7A87A6879BF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{F21B14AE-8888-45B6-9216-5BE43EA86D6F}" = rport=137 | protocol=17 | dir=out | app=system | 

"{F5247E09-A578-48CA-AE46-6A6E9DBFAE89}" = rport=139 | protocol=6 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A8F0797-8BC6-465A-B01F-826825B31A76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{0C4658C9-EE8C-4E9C-BDBA-6D2C30A9A2B2}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 

"{0FF32670-383F-4D96-AF20-5227B96C3E20}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{14321BE8-B11E-4C26-A3F1-249F665561F6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{1849697E-5D2D-46A3-A750-EADDDA1B82AF}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 

"{19AF2F96-280E-4AAA-9DA7-69A7C3105DE4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sk1pp\counter-strike\hl.exe | 

"{281913ED-E8C0-43D0-8E1D-4734C2EE4218}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{2CBABE00-DEC9-4F63-8284-A9CF3E2DC2D2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{3418AD1E-99B4-4EA3-9831-83972942181E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{34870E45-0DE4-45B3-B1E7-A7F5C073C69A}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 

"{3A7A118C-84CE-4138-A1B5-AC99CAA1A30A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{3FB18742-9378-4A01-9B4D-1AE0598ACCDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{4AF369D2-8901-420C-B2FF-EA512F16C64C}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 

"{5977618C-C8E8-40DE-8D66-D6CFB1188E65}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sk1pp\day of defeat\hl.exe | 

"{5B37CD0A-B6D9-4ABB-9853-F846E0578218}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{5CDB2DB7-24F8-4D5A-BAC9-843B7D4BCF6E}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 

"{5DEA3FB2-9709-478F-B391-65081E023774}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{5F148107-E89C-4DFC-8618-2B2D95E258A5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{63E9EEE8-1669-4E38-953D-DA653D20C255}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 

"{75365E49-E805-4DFD-BA23-D68F791FD878}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{75628CF9-E4A1-47EF-B653-DC2C3A500743}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 

"{83BC42C8-5526-4D25-8A67-D5D7A99800F8}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"{8458D086-CA40-4CA3-924D-BD77A842924E}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 

"{87DABAAD-0CFA-48DD-AB0D-F34E56CB1A40}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{8B8F8A1C-CFB1-4EB0-A07F-7B66C760F5F0}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"{8F52C181-0F0D-4D3F-B316-4D6F2AB4BC88}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sk1pp\day of defeat\hl.exe | 

"{90E77AC6-26DE-48F9-9D1F-F3AE801FE747}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 

"{91026C5B-54B7-4363-B58B-A1B7E770FC9C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{917F707B-07B5-42C3-9737-E0006E791811}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sk1pp\counter-strike\hl.exe | 

"{93172624-22C6-453A-BA09-D68C19C36820}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{94B88145-A79F-4AA6-938D-259AB1E31D25}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{9B859E58-1350-43CB-82E5-0B740ED70712}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{9C8D570B-C959-4811-BC6C-499F13B912ED}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 

"{9D56EF44-2BF5-43A2-8AAD-EEDB3D73DC61}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 

"{9D6AFDAF-0A58-4DA4-83CF-61A65F068608}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{A0C5A5F8-644A-4A31-B048-700C33828B47}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{A7F7CEBA-347D-4DCA-A4DE-A2B6918AE912}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sk1pp\counter-strike source\hl2.exe | 

"{B60B460C-2794-4F47-A22D-C9F0C87CAF61}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sk1pp\counter-strike source\hl2.exe | 

"{BDE98FFA-A59E-42A1-90AE-A5201F94E741}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{C243C223-C33B-42B3-84BA-77792BEC4362}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{C291508C-F7BD-498B-834D-6F6FCD15C4E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{C9E537EF-741E-4433-8619-7BEEA87DDC46}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{CA2A9253-05A7-4A06-B9AC-5FFA2D39777E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{D06082C7-2A29-4AFD-BBF5-32236E24C4D7}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{D9B74269-304A-476A-ABA4-C82DDB7C08CB}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 

"{E60BB175-8E31-4261-8E78-0F8EF2157FDF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{E92681A1-AFD1-48B3-95A9-24A0C0312C96}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{F0447D04-44BF-46D1-9F8D-D065AE7DB4D9}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 

"{F0C4A210-A823-4F26-90A2-89B69BC31E01}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{FDCFAA91-290D-4851-95F6-C30A89787106}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"TCP Query User{029E4E02-42E9-4BE5-A32A-BEA8C1CFD8FA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{0E94D920-F0DD-40B1-8706-A4A23A02D134}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe | 

"TCP Query User{26B8B1DF-7B96-43D3-BB08-78B7D32C50D1}C:\program files\dotalicious gaming client\client.exe" = protocol=6 | dir=in | app=c:\program files\dotalicious gaming client\client.exe | 

"TCP Query User{463EEA66-3832-47CB-AB4B-08388E6DD456}D:\program files\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=d:\program files\ea games\command and conquer generals\game.dat | 

"TCP Query User{5EC773B7-3EBC-4475-BCD9-E55C8518BB41}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 

"TCP Query User{7AB47933-9FD7-444D-84A6-07BA041425DF}C:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe | 

"TCP Query User{7D42EE8C-0E53-4955-9BE0-5E7A17B797C7}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 

"TCP Query User{7D92914D-BECD-4F9A-8E42-3D77C3592026}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 

"TCP Query User{8B5292B7-5969-4128-90BB-C835ED1ABBDB}C:\users\felix\desktop\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\felix\desktop\wc3\war3.exe | 

"TCP Query User{8C5928F5-37CF-4C56-9FDD-506EB1453B85}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 

"TCP Query User{AB64028D-A969-4228-A1A2-15E6D144B5B1}C:\program files\dotalicious gaming client\client.exe" = protocol=6 | dir=in | app=c:\program files\dotalicious gaming client\client.exe | 

"TCP Query User{B084174D-847E-4847-A86D-A3CAFEBC7560}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{B8ACE9E3-B98B-45EA-91E0-C72F94EBD0C6}C:\microprose\the test of time\civ2.exe" = protocol=6 | dir=in | app=c:\microprose\the test of time\civ2.exe | 

"TCP Query User{BA3A0EA6-6C5A-48AF-876B-B95E7F9A6244}C:\program files\steam\steamapps\sk1pp\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sk1pp\day of defeat source\hl2.exe | 

"TCP Query User{D1A74864-86AB-4AED-B173-F8E1150F04D5}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"TCP Query User{D629BF65-9E95-4E12-9727-7F06E26FE293}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 

"TCP Query User{E810F3A4-AA9E-48AC-857C-41F9BF4AAF07}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe | 

"TCP Query User{F15174DA-7F1B-4752-BF19-3BA061B2F081}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | 

"TCP Query User{F577A9DE-E4F7-498F-817D-D259F5072420}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | 

"TCP Query User{F6C05A35-F1B8-4962-A274-14788ABAC7FA}C:\users\felix\downloads\teamspeak3-server_win32-3.0.0-beta12\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\felix\downloads\teamspeak3-server_win32-3.0.0-beta12\teamspeak3-server_win32\ts3server_win32.exe | 

"TCP Query User{FCC0CE24-0669-4F63-A5E3-0D49E130CF16}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 

"UDP Query User{0842C692-75DB-44D0-BB3F-F53AEEDE8F43}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe | 

"UDP Query User{16664676-A56D-4944-ABE2-6221489B6D3C}D:\program files\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=d:\program files\ea games\command and conquer generals\game.dat | 

"UDP Query User{2DF3325F-35CF-4849-88B8-E8860E4068CB}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"UDP Query User{3F782A09-265C-4E9C-86B2-407D0792AC12}C:\microprose\the test of time\civ2.exe" = protocol=17 | dir=in | app=c:\microprose\the test of time\civ2.exe | 

"UDP Query User{4969A184-E906-4043-B561-0E8D074EEA1E}C:\program files\steam\steamapps\sk1pp\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sk1pp\day of defeat source\hl2.exe | 

"UDP Query User{4E432948-097A-4579-AED1-F6F3F0CA2F06}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | 

"UDP Query User{6405D92D-C844-428F-8C91-27E1DA4DE932}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 

"UDP Query User{6B73B375-AFA2-45C1-9833-4A2285D8A290}C:\users\felix\downloads\teamspeak3-server_win32-3.0.0-beta12\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\felix\downloads\teamspeak3-server_win32-3.0.0-beta12\teamspeak3-server_win32\ts3server_win32.exe | 

"UDP Query User{73C564F1-0F1B-49D4-BA8E-A9A5F88BCEDB}C:\program files\dotalicious gaming client\client.exe" = protocol=17 | dir=in | app=c:\program files\dotalicious gaming client\client.exe | 

"UDP Query User{7E9A1396-E982-40AF-889A-541ACDF22BEF}C:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe | 

"UDP Query User{8BB0BADE-D7DE-424B-AA5C-1C851B6007A8}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 

"UDP Query User{90F1321D-E80B-47A4-9ACC-1F7A01623077}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe | 

"UDP Query User{9AA21F8C-EA6A-4E38-8A7E-65BDD4EC3DC8}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 

"UDP Query User{A2525C2D-08D4-4C4A-83A3-5E424F52B0BF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"UDP Query User{C18759B6-B7D3-42FA-B3E5-6C165FEEDF1A}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 

"UDP Query User{D195CB37-C224-46CB-BCD4-CA0756776AAC}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | 

"UDP Query User{D26D0058-0B15-435F-82F1-0ADA4CF69947}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 

"UDP Query User{D7FE8867-3745-4D70-94F7-3B1ADE2D883D}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"UDP Query User{DA746F47-FA43-4EDB-9297-AE4653C49A4B}C:\program files\dotalicious gaming client\client.exe" = protocol=17 | dir=in | app=c:\program files\dotalicious gaming client\client.exe | 

"UDP Query User{EDD54FF5-C2DE-4B1A-9CA7-9E32DE0CEC5B}C:\users\felix\desktop\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\felix\desktop\wc3\war3.exe | 

"UDP Query User{FEC58041-9A2C-4B42-82D7-E2A1E0E7DB7B}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{027CC103-7CBD-3091-BD05-61C3B39C5F41}" = CCC Help French

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{05C866EC-C6E6-B63B-5E93-310048EA28F4}" = ccc-utility

"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition

"{13C3016D-EDE0-A37F-1F01-DAFB618DA715}" = CCC Help Greek

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III

"{16119AAC-9FE5-8BDC-6DEF-F52576AF1649}" = CCC Help Czech

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{20226F96-074F-CA03-3FDB-48EA38F99A34}" = CCC Help English

"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer

"{2F0B0B99-2AF4-0A85-4E37-F45C48CC0B21}" = CCC Help Swedish

"{312E49B1-3621-C991-7A6F-E3B30CCA9E6B}" = CCC Help Turkish

"{31B1789F-00B9-D898-1578-CE4CD0EF205B}" = CCC Help Chinese Standard

"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6

"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor

"{3B240B92-3596-9F6F-2D1D-2E031D50F5DC}" = CCC Help Danish

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{47F081A8-64F6-C280-A694-5637817B8904}" = Catalyst Control Center Graphics Light

"{506CEF40-A02C-D047-3F75-0FB34AFCCEE7}" = CCC Help Hungarian

"{52797A98-AB5F-2715-BAB9-256085988154}" = Catalyst Control Center Graphics Previews Vista

"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{581FE9BC-4A4F-85D9-7308-09DCD7817C29}" = ccc-core-static

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{65A5CA1A-16CF-0FE2-2452-ED6D625AD58F}" = Skins

"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting

"{6A1F72DD-2465-43A2-A137-8A849399B7A8}" = REALTEK Wireless LAN Software

"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager

"{70E893FF-56BB-8AF3-64E4-54A49F9F896E}" = Catalyst Control Center Graphics Full Existing

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7FE0877D-B669-F5E1-1842-0E9676F03A7A}" = Catalyst Control Center Core Implementation

"{836A12E6-3418-593C-DC70-B7E7048C44F2}" = CCC Help Dutch

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2

"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{94815A13-F1B8-1384-0F0A-A8E4CE6EA62B}" = CCC Help Thai

"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A230C543-7D98-D7CF-91EF-280081A0DDD2}" = CCC Help Japanese

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus

"{A6BEDC5B-ABF7-FADF-8D0F-0FF1FEF34C87}" = CCC Help Chinese Traditional

"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel

"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender

"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch

"{AFB6EECF-0CA4-9C01-C48A-6F0E5BB0FE74}" = Catalyst Control Center Localization All

"{B00EE7D4-8D4C-CE86-D1DF-5B9D026C13F5}" = CCC Help Russian

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{BD9F153A-E812-B910-EA23-1BFEF07D3352}" = CCC Help Korean

"{BE12D93E-0C6E-7DDD-0838-667326C287A1}" = CCC Help German

"{C0E2DFB6-3D76-8BAD-62DF-47871AF6A5A4}" = CCC Help Polish

"{C19DBE5E-712E-4F02-8380-ECEDD951B374}" = Fujitsu Siemens

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C343B6AD-A23C-8138-35CE-883DE2DEAFE7}" = CCC Help Finnish

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2777D85-7E63-402F-A5E7-2AF436C1C9D4}" = Intel(R) PROSet/Wireless WiFi Software

"{DDF998C0-099C-5D46-9985-5730306330A9}" = CCC Help Spanish

"{DEB8C753-9CB6-1BD1-34BA-4ED9382755E9}" = ATI Catalyst Install Manager

"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{ED97F2D3-7BCF-E0B4-E8C6-0F6BA058CA95}" = CCC Help Portuguese

"{EEFB5B34-DEF9-0BF4-89A9-AB62320AA44E}" = Catalyst Control Center Graphics Full New

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5115AA1-78F1-EBBC-4888-A10310FD4A6A}" = CCC Help Italian

"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FD458F33-C5A9-3E69-425C-129F21B3ADF9}" = CCC Help Norwegian

"{FEC19789-7756-17C3-765B-C532E09322D7}" = Catalyst Control Center InstallProxy

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Age of Empires" = Microsoft Age of Empires

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"C-Media CM106 Like Sound Driver" = Trust 5.1 Surround Headset

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"DotAlicious Gaming Client" = DotAlicious Gaming Client

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324

"Heroes of Might and Magic II" = Heroes of Might and Magic II

"hon" = Heroes of Newerth

"ICQToolbar" = ICQ Toolbar

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation

"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)

"MSC" = McAfee SecurityCenter

"ProInst" = Intel PROSet Wireless

"StarCraft II" = StarCraft II

"Steam App 10" = Counter-Strike

"Steam App 240" = Counter-Strike: Source

"Steam App 30" = Day of Defeat

"Steam App 300" = Day of Defeat: Source

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TmNationsForever_is1" = TmNationsForever Update 2010-03-15

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.1.9

"Warcraft III" = Warcraft III

"WinRAR archiver" = WinRAR

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Warcraft III" = Warcraft III: All Products

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 14.05.2011 19:28:24 | Computer Name = Felix-PC | Source = EventSystem | ID = 4621

Description = 

 

Error - 15.05.2011 01:32:23 | Computer Name = Felix-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.05.2011 05:07:00 | Computer Name = Felix-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung plugin-container.exe, Version 2.0.1.4120, Zeitstempel

 0x4da6a99c, fehlerhaftes Modul Annots.api, Version 9.0.0.332, Zeitstempel 0x4850e57f,

 Ausnahmecode 0xc0000409, Fehleroffset 0x0000ff52,  Prozess-ID 0x17f0, Anwendungsstartzeit

 01cc12df7195210e.

 

Error - 16.05.2011 01:12:53 | Computer Name = Felix-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 16.05.2011 15:33:23 | Computer Name = Felix-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 17.05.2011 00:02:26 | Computer Name = Felix-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 17.05.2011 15:43:48 | Computer Name = Felix-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 17.05.2011 17:30:25 | Computer Name = Felix-PC | Source = EventSystem | ID = 4621

Description = 

 

Error - 18.05.2011 00:02:42 | Computer Name = Felix-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 18.05.2011 01:21:26 | Computer Name = Felix-PC | Source = EventSystem | ID = 4621

Description = 

 

[ System Events ]

Error - 22.05.2011 04:47:22 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 22.05.2011 04:53:59 | Computer Name = Felix-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 22.05.2011 07:13:22 | Computer Name = Felix-PC | Source = HTTP | ID = 15016

Description = 

 

Error - 22.05.2011 07:15:02 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 22.05.2011 07:18:56 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 22.05.2011 07:22:47 | Computer Name = Felix-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 22.05.2011 07:40:16 | Computer Name = Felix-PC | Source = HTTP | ID = 15016

Description = 

 

Error - 22.05.2011 07:41:56 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 22.05.2011 07:41:56 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7011

Description = 

 

Error - 22.05.2011 07:43:29 | Computer Name = Felix-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

 

< End of report >

--- --- ---

Nr. 2 OTL Logfile:

Code:

OTL logfile created on: 22.05.2011 13:55:32 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Felix\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 226,76 Gb Total Space | 131,96 Gb Free Space | 58,20% Space Free | Partition Type: NTFS

Drive D: | 226,00 Gb Total Space | 224,35 Gb Free Space | 99,27% Space Free | Partition Type: NTFS

Drive E: | 1,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Felix\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()

PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()

PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

PRC - C:\Program Files\Fujitsu Siemens\WinManager\WinManager.exe ()

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Windows\System32\Rezip.exe ()

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)

PRC - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)

PRC - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)

PRC - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - C:\PROGRA~1\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Felix\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\McAfee\SiteAdvisor\saHook.dll ()

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()

SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)

SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)

SRV - (McNASvc) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)

SRV - (McSysmon) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)

SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)

SRV - (McProxy) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (USBMULCD) -- C:\Windows\System32\drivers\CM106.sys (C-Media Electronics Inc)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.14 21:49:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.14 21:49:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.05.22 10:31:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 08:01:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.14 21:49:17 | 000,000,000 | ---D | M]

 

[2009.09.27 14:30:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions

[2011.04.04 22:03:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\yfrsr6er.default\extensions

[2009.10.02 16:11:33 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\yfrsr6er.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.03.25 19:01:51 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\yfrsr6er.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2011.04.04 22:03:39 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\yfrsr6er.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.05.18 18:09:45 | 000,000,950 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-1.xml

[2011.03.06 14:23:31 | 000,000,961 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-2.xml

[2011.03.24 22:52:11 | 000,000,961 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-3.xml

[2011.03.24 22:54:26 | 000,000,950 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-4.xml

[2011.04.30 08:01:58 | 000,000,950 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-5.xml

[2011.02.20 12:21:20 | 000,000,168 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin.gif

[2011.02.20 12:21:20 | 000,000,618 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin.src

[2010.12.10 18:27:31 | 000,001,069 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin.xml

[2009.12.26 14:27:06 | 000,003,915 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\sweetim.xml

[2011.03.24 22:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

File not found (No name found) -- 

() (No name found) -- C:\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFRSR6ER.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI

[2011.04.30 08:01:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\MskAPBho.dll ()

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()

O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Cm106Sound]  File not found

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [TQ566808]  File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ICQ]  File not found

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Felix\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Felix\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.09.10 15:03:44 | 000,310,952 | R--- | M] (Samsung Computer) - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2006.12.08 11:35:26 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{7809f72d-8684-11df-9cb7-0024540c3527}\Shell - "" = AutoRun

O33 - MountPoints2\{7809f72d-8684-11df-9cb7-0024540c3527}\Shell\AutoRun\command - "" = F:\iStudio.exe

O33 - MountPoints2\{ceab42b2-9ea5-11de-8186-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{ceab42b2-9ea5-11de-8186-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008.09.10 15:03:44 | 000,310,952 | R--- | M] (Samsung Computer)

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.22 13:25:58 | 000,000,000 | -H-D | C] -- C:\Users\Felix\AppData\Roaming\Malwarebytes

[2011.05.22 13:25:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.05.22 13:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.05.22 13:25:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes

[2011.05.22 13:25:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.05.22 13:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.05.22 11:11:48 | 000,000,000 | -H-D | C] -- C:\Users\Felix\AppData\Roaming\SUPERAntiSpyware.com

[2011.05.22 11:11:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011.05.22 11:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011.05.22 11:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011.05.22 10:29:45 | 000,000,000 | -H-D | C] -- C:\Samsung

[2011.05.22 10:27:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\NetsyncAgent

[2011.05.22 10:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2011.05.22 10:19:46 | 000,034,216 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys

[2011.05.22 10:19:43 | 000,213,640 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys

[2011.05.22 10:19:43 | 000,079,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys

[2011.05.22 10:19:43 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys

[2011.05.22 10:19:43 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys

[2011.05.22 10:19:32 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys

[2011.05.22 10:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee

[2011.05.22 10:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com

[2011.05.22 10:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee

[2011.05.22 02:38:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch

[2011.05.22 02:33:02 | 000,000,000 | -H-D | C] -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery

[2011.05.15 12:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games

[2011.05.14 21:52:40 | 000,000,000 | -H-D | C] -- C:\Users\Felix\AppData\Local\DDMSettings

[2011.05.14 21:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

[2011.05.14 21:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011.05.14 10:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.05.14 10:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.05.14 10:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.05.14 09:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2006.11.24 08:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll

[2006.11.24 08:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.22 13:41:55 | 000,005,415 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2011.05.22 13:40:17 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.05.22 13:40:17 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.05.22 13:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.05.22 13:40:09 | 3184,115,712 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.22 13:39:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.05.22 13:15:16 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44687096r

[2011.05.22 13:15:16 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44687096

[2011.05.22 13:14:59 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44687096

[2011.05.22 10:39:57 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job

[2011.05.22 10:39:57 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

[2011.05.22 10:37:10 | 000,007,588 | ---- | M] () -- C:\Windows\HotFixList.ini

[2011.05.22 02:47:39 | 000,000,392 | -H-- | M] () -- C:\ProgramData\42983160

[2011.05.22 02:45:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42983160

[2011.05.22 02:33:02 | 000,000,595 | -H-- | M] () -- C:\Users\Felix\Desktop\Windows Vista Recovery.lnk

[2011.05.22 02:33:02 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42983160r

[2011.05.16 07:11:59 | 000,391,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.05.14 15:24:02 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.05.14 15:24:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.05.14 15:24:02 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.05.14 15:24:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.05.06 01:36:04 | 000,267,177 | -H-- | M] () -- C:\Users\Felix\Desktop\hayden_panettiere_56-wallpaper-1600x900.jpg

[2011.05.06 01:31:51 | 001,023,515 | -H-- | M] () -- C:\Users\Felix\Desktop\hayden-panettiere-sexy_1600x900_1877.jpg

[2011.04.22 22:31:15 | 000,078,848 | -H-- | M] () -- C:\Users\Felix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== Files Created - No Company Name ==========

 

[2011.05.22 13:15:16 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~44687096r

[2011.05.22 13:15:16 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~44687096

[2011.05.22 13:14:59 | 000,000,344 | -H-- | C] () -- C:\ProgramData\44687096

[2011.05.22 10:26:00 | 000,005,415 | ---- | C] () -- C:\Windows\System32\Config.MPF

[2011.05.22 10:15:03 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job

[2011.05.22 10:14:56 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\McQcTask.job

[2011.05.22 02:33:02 | 000,000,595 | -H-- | C] () -- C:\Users\Felix\Desktop\Windows Vista Recovery.lnk

[2011.05.22 02:33:02 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~42983160r

[2011.05.22 02:33:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42983160

[2011.05.22 02:32:47 | 000,000,392 | -H-- | C] () -- C:\ProgramData\42983160

[2011.05.06 01:36:04 | 000,267,177 | -H-- | C] () -- C:\Users\Felix\Desktop\hayden_panettiere_56-wallpaper-1600x900.jpg

[2011.05.06 01:31:51 | 001,023,515 | -H-- | C] () -- C:\Users\Felix\Desktop\hayden-panettiere-sexy_1600x900_1877.jpg

[2011.01.08 23:39:47 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

[2011.01.08 11:39:56 | 000,143,360 | R--- | C] () -- C:\Windows\Vmix106.dll

[2011.01.08 11:39:45 | 000,000,270 | ---- | C] () -- C:\Windows\Cm106.ini.cfl

[2011.01.08 11:39:42 | 000,544,768 | R--- | C] () -- C:\Windows\System32\Cmeau106.exe

[2011.01.08 11:38:10 | 000,002,391 | R--- | C] () -- C:\Windows\Cm106.ini.cfg

[2011.01.08 11:38:10 | 000,000,951 | ---- | C] () -- C:\Windows\Cm106.ini.imi

[2011.01.07 19:19:53 | 000,299,008 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll

[2010.12.19 20:19:24 | 000,283,648 | ---- | C] () -- C:\Windows\unin0407.exe

[2010.06.16 19:00:36 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat

[2009.10.08 17:54:06 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2009.10.08 17:54:06 | 000,022,328 | -H-- | C] () -- C:\Users\Felix\AppData\Roaming\PnkBstrK.sys

[2009.10.08 17:53:49 | 000,233,960 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2009.10.08 17:53:48 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2009.09.28 17:00:04 | 000,000,491 | ---- | C] () -- C:\Windows\System32\config.ini

[2009.09.28 01:15:25 | 000,078,848 | -H-- | C] () -- C:\Users\Felix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.27 15:02:01 | 000,055,317 | ---- | C] () -- C:\Windows\War3Unin.dat

[2009.07.11 09:54:36 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe

[2009.04.17 20:04:47 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2009.04.17 05:34:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.04.17 05:29:10 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe

[2009.04.17 04:51:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.04.17 04:51:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.04.17 04:22:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini

[2009.04.17 04:22:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini

[2009.04.17 04:17:24 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe

[2009.04.17 04:17:24 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe

[2009.04.17 04:17:09 | 000,007,588 | ---- | C] () -- C:\Windows\HotFixList.ini

[2009.04.17 02:50:13 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.04.17 02:50:13 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.04.17 02:50:13 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.04.17 02:50:13 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.04.17 02:33:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2009.04.17 02:33:39 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2009.04.17 02:33:38 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2009.04.17 02:33:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe

[2009.04.17 02:33:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

[2009.04.07 12:43:00 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN

[2009.04.07 12:43:00 | 000,000,308 | ---- | C] () -- C:\Windows\System32\AP6RMKV.BIN

[2009.04.07 12:43:00 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJXFSC.BIN

[2009.04.07 12:43:00 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN

[2009.04.07 12:43:00 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN

[2009.04.07 12:43:00 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN

[2009.04.07 12:43:00 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN

[2009.04.02 17:23:42 | 000,000,518 | R--- | C] () -- C:\Windows\cm106.ini

[2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe

[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat

[2007.02.15 10:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll

[2006.11.29 11:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe

[2006.11.29 11:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,391,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.10.09 04:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll

 

< End of report >

--- --- ---

Zitat:

Art des Suchlaufs: Quick-Scan

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

hey, danke für die schnelle antwort.
vorab mal ne frage, ein kumpel meinte, dass man die trojaner nie ganz weg bekommt, weil die teilweise garnich gefunden werden können weil die in irgendwelchen "win... -Dateien" wären oder so... is das richtige? denn sonst hau ich einfach alles runter und mach alles nochmal drauf...

also hier ein scannlauf von gerstern.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6639

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.05.2011 15:59:54
mbam-log-2011-05-22 (15-59-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 307614
Laufzeit: 1 Stunde(n), 23 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Felix\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\20KJ7RRM\files_load1[1].exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.

und nochmal von heut nach ner aktuallisierung

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6657

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23.05.2011 22:52:14
mbam-log-2011-05-23 (22-52-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 303353
Laufzeit: 57 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Zitat:

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

Sowas geht nicht. Man sollte es tunlichst sein lassen, Virenscanner wie McAfee und AntiVir parallel zu betreiben. Nur Malwarebytes und SASW verstehen sich mit einem anderen installierten Virenscanner.
Deinstalliere jetzt also entweder McAfee oder AntiVir. Bei der Gelegenheit auch bitte jede Toolbar deinstallieren. Wenn du willst auch solche Software deinstallieren, die du definitiv nicht mehr brauchst/willst.

Hey,
jo ich weis, dass 2 doof sind. hab das mcafee in ner panikreaktion am sonntag drauf gespielt und mo amd wieder runter gehauen.

hier nochmal beide kompl. scanns nach nem update:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/24/2011 at 11:30 PM

Application Version : 4.52.1000

Core Rules Database Version : 7132
Trace Rules Database Version: 4944

Scan type : Complete Scan
Total Scan Time : 01:36:37

Memory items scanned : 652
Memory threats detected : 0
Registry items scanned : 7306
Registry threats detected : 0
File items scanned : 164096
File threats detected : 7

Adware.Tracking Cookie
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@cdn.at.atwola[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@at.atwola[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ar.atwola[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@advertising[2].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@tacoda.at.atwola[1].txt
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@atwola[1].txt
games.adultswim.com [ C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UEJX25T4 ]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6667

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

25.05.2011 01:18:27
mbam-log-2011-05-25 (01-18-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 303416
Laufzeit: 1 Stunde(n), 0 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Bitte ein frisches Log mit OTL erstellen und posten:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Logfile:

Code:

OTL logfile created on: 25.05.2011 18:45:36 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Felix\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 226,76 Gb Total Space | 132,66 Gb Free Space | 58,50% Space Free | Partition Type: NTFS

Drive D: | 226,00 Gb Total Space | 224,35 Gb Free Space | 99,27% Space Free | Partition Type: NTFS

 

Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Felix\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()

PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Windows\System32\Rezip.exe ()

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)

PRC - C:\Windows\System32\lpremove.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Felix\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()

SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (USBMULCD) -- C:\Windows\System32\drivers\CM106.sys (C-Media Electronics Inc)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.14 21:49:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.14 21:49:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 08:01:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.14 21:49:17 | 000,000,000 | ---D | M]

 

[2009.09.27 14:30:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions

[2011.04.04 22:03:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\yfrsr6er.default\extensions

[2009.10.02 16:11:33 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\yfrsr6er.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.03.25 19:01:51 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\yfrsr6er.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2011.04.04 22:03:39 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\yfrsr6er.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.05.25 18:40:07 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-1.xml

[2011.03.06 14:23:31 | 000,000,961 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-2.xml

[2011.03.24 22:52:11 | 000,000,961 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-3.xml

[2011.03.24 22:54:26 | 000,000,950 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-4.xml

[2011.04.30 08:01:58 | 000,000,950 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin-5.xml

[2011.02.20 12:21:20 | 000,000,168 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin.gif

[2011.02.20 12:21:20 | 000,000,618 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin.src

[2010.12.10 18:27:31 | 000,001,069 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\icqplugin.xml

[2009.12.26 14:27:06 | 000,003,915 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\searchplugins\sweetim.xml

[2011.03.24 22:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

File not found (No name found) -- 

() (No name found) -- C:\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFRSR6ER.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI

[2011.04.30 08:01:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Cm106Sound]  File not found

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [TQ566808]  File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ICQ]  File not found

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{7809f72d-8684-11df-9cb7-0024540c3527}\Shell - "" = AutoRun

O33 - MountPoints2\{7809f72d-8684-11df-9cb7-0024540c3527}\Shell\AutoRun\command - "" = F:\iStudio.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.22 13:25:58 | 000,000,000 | -H-D | C] -- C:\Users\Felix\AppData\Roaming\Malwarebytes

[2011.05.22 13:25:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.05.22 13:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.05.22 13:25:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes

[2011.05.22 13:25:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.05.22 13:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.05.22 11:11:48 | 000,000,000 | -H-D | C] -- C:\Users\Felix\AppData\Roaming\SUPERAntiSpyware.com

[2011.05.22 11:11:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011.05.22 11:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011.05.22 11:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011.05.22 10:29:45 | 000,000,000 | -H-D | C] -- C:\Samsung

[2011.05.22 10:27:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\NetsyncAgent

[2011.05.22 02:38:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch

[2011.05.22 02:33:02 | 000,000,000 | -H-D | C] -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery

[2011.05.15 12:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games

[2011.05.14 21:52:40 | 000,000,000 | -H-D | C] -- C:\Users\Felix\AppData\Local\DDMSettings

[2011.05.14 21:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

[2011.05.14 21:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011.05.14 10:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.05.14 10:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.05.14 10:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.05.14 09:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2006.11.24 08:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll

[2006.11.24 08:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.25 18:30:18 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.05.25 18:30:18 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.05.25 18:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.05.25 18:30:13 | 3184,115,712 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.25 07:37:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.05.22 13:15:16 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44687096r

[2011.05.22 13:15:16 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44687096

[2011.05.22 13:14:59 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44687096

[2011.05.22 10:37:10 | 000,007,588 | ---- | M] () -- C:\Windows\HotFixList.ini

[2011.05.22 02:47:39 | 000,000,392 | -H-- | M] () -- C:\ProgramData\42983160

[2011.05.22 02:45:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42983160

[2011.05.22 02:33:02 | 000,000,595 | -H-- | M] () -- C:\Users\Felix\Desktop\Windows Vista Recovery.lnk

[2011.05.22 02:33:02 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42983160r

[2011.05.16 07:11:59 | 000,391,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.05.14 15:24:02 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.05.14 15:24:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.05.14 15:24:02 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.05.14 15:24:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.05.06 01:36:04 | 000,267,177 | -H-- | M] () -- C:\Users\Felix\Desktop\hayden_panettiere_56-wallpaper-1600x900.jpg

[2011.05.06 01:31:51 | 001,023,515 | -H-- | M] () -- C:\Users\Felix\Desktop\hayden-panettiere-sexy_1600x900_1877.jpg

 
 ========== Files Created - No Company Name ==========

 

[2011.05.22 13:15:16 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~44687096r

[2011.05.22 13:15:16 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~44687096

[2011.05.22 13:14:59 | 000,000,344 | -H-- | C] () -- C:\ProgramData\44687096

[2011.05.22 02:33:02 | 000,000,595 | -H-- | C] () -- C:\Users\Felix\Desktop\Windows Vista Recovery.lnk

[2011.05.22 02:33:02 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~42983160r

[2011.05.22 02:33:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42983160

[2011.05.22 02:32:47 | 000,000,392 | -H-- | C] () -- C:\ProgramData\42983160

[2011.05.06 01:36:04 | 000,267,177 | -H-- | C] () -- C:\Users\Felix\Desktop\hayden_panettiere_56-wallpaper-1600x900.jpg

[2011.05.06 01:31:51 | 001,023,515 | -H-- | C] () -- C:\Users\Felix\Desktop\hayden-panettiere-sexy_1600x900_1877.jpg

[2011.01.08 23:39:47 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

[2011.01.08 11:39:56 | 000,143,360 | R--- | C] () -- C:\Windows\Vmix106.dll

[2011.01.08 11:39:45 | 000,000,270 | ---- | C] () -- C:\Windows\Cm106.ini.cfl

[2011.01.08 11:39:42 | 000,544,768 | R--- | C] () -- C:\Windows\System32\Cmeau106.exe

[2011.01.08 11:38:10 | 000,002,391 | R--- | C] () -- C:\Windows\Cm106.ini.cfg

[2011.01.08 11:38:10 | 000,000,951 | ---- | C] () -- C:\Windows\Cm106.ini.imi

[2011.01.07 19:19:53 | 000,299,008 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll

[2010.12.19 20:19:24 | 000,283,648 | ---- | C] () -- C:\Windows\unin0407.exe

[2010.06.16 19:00:36 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat

[2009.10.08 17:54:06 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2009.10.08 17:54:06 | 000,022,328 | -H-- | C] () -- C:\Users\Felix\AppData\Roaming\PnkBstrK.sys

[2009.10.08 17:53:49 | 000,233,960 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2009.10.08 17:53:48 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2009.09.28 17:00:04 | 000,000,491 | ---- | C] () -- C:\Windows\System32\config.ini

[2009.09.28 01:15:25 | 000,078,848 | -H-- | C] () -- C:\Users\Felix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.27 15:02:01 | 000,055,317 | ---- | C] () -- C:\Windows\War3Unin.dat

[2009.07.11 09:54:36 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe

[2009.04.17 20:04:47 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2009.04.17 05:34:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.04.17 05:29:10 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe

[2009.04.17 04:51:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.04.17 04:51:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.04.17 04:22:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini

[2009.04.17 04:22:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini

[2009.04.17 04:17:24 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe

[2009.04.17 04:17:24 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe

[2009.04.17 04:17:09 | 000,007,588 | ---- | C] () -- C:\Windows\HotFixList.ini

[2009.04.17 02:50:13 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.04.17 02:50:13 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.04.17 02:50:13 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.04.17 02:50:13 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.04.17 02:33:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2009.04.17 02:33:39 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2009.04.17 02:33:38 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2009.04.17 02:33:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe

[2009.04.17 02:33:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

[2009.04.07 12:43:00 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN

[2009.04.07 12:43:00 | 000,000,308 | ---- | C] () -- C:\Windows\System32\AP6RMKV.BIN

[2009.04.07 12:43:00 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJXFSC.BIN

[2009.04.07 12:43:00 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN

[2009.04.07 12:43:00 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN

[2009.04.07 12:43:00 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN

[2009.04.07 12:43:00 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN

[2009.04.02 17:23:42 | 000,000,518 | R--- | C] () -- C:\Windows\cm106.ini

[2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe

[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat

[2007.02.15 10:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll

[2006.11.29 11:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe

[2006.11.29 11:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,391,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.10.09 04:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll

 
 ========== LOP Check ==========

 

[2011.04.04 22:03:38 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.05.21 21:39:20 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\ICQ

[2010.01.03 19:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Leadertech

[2010.06.12 18:12:30 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\LolClient

[2010.10.31 14:44:21 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\OpenOffice.org

[2010.01.09 22:19:36 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\TS3Client

[2011.05.25 07:37:47 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.06.12 17:53:34 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Adobe

[2011.02.05 12:04:08 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Apple Computer

[2009.09.23 19:13:04 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\ATI

[2011.05.14 21:49:03 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\DivX

[2011.03.06 21:35:10 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\dvdcss

[2011.04.04 22:03:38 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers

[2009.09.27 14:28:13 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Google

[2011.05.21 21:39:20 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\ICQ

[2009.09.23 19:12:12 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Identities

[2011.01.01 18:36:50 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Intelli-studio

[2010.01.03 19:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Leadertech

[2010.06.12 18:12:30 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\LolClient

[2009.09.27 14:46:18 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Macromedia

[2011.05.22 13:25:58 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Media Center Programs

[2011.04.22 09:40:37 | 000,000,000 | --SD | M] -- C:\Users\Felix\AppData\Roaming\Microsoft

[2009.09.27 14:30:07 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\Mozilla

[2010.10.31 14:44:21 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\OpenOffice.org

[2011.05.22 11:11:48 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\SUPERAntiSpyware.com

[2010.09.25 18:29:45 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\teamspeak2

[2010.01.09 22:19:36 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\TS3Client

[2011.05.14 21:33:11 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\vlc

[2010.04.09 19:03:57 | 000,000,000 | -H-D | M] -- C:\Users\Felix\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2010.06.12 17:53:02 | 000,038,208 | -H-- | M] () -- C:\Users\Felix\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.02.11 10:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys

[2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()

O4 - HKLM..\Run: [TQ566808]  File not found

O4 - HKCU..\Run: [ICQ]  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{7809f72d-8684-11df-9cb7-0024540c3527}\Shell - "" = AutoRun

O33 - MountPoints2\{7809f72d-8684-11df-9cb7-0024540c3527}\Shell\AutoRun\command - "" = F:\iStudio.exe

[2011.05.22 13:15:16 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44687096r

[2011.05.22 13:15:16 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44687096

[2011.05.22 13:14:59 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44687096

[2011.05.22 02:47:39 | 000,000,392 | -H-- | M] () -- C:\ProgramData\42983160

[2011.05.22 02:45:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42983160

[2011.05.22 02:33:02 | 000,000,595 | -H-- | M] () -- C:\Users\Felix\Desktop\Windows Vista Recovery.lnk

[2011.05.22 02:33:02 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42983160r

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

========== OTL ==========
Error: Unable to stop service Rezip!
Service Rezip deleted successfully!
C:\Windows\System32\Rezip.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TQ566808 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7809f72d-8684-11df-9cb7-0024540c3527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7809f72d-8684-11df-9cb7-0024540c3527}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7809f72d-8684-11df-9cb7-0024540c3527}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7809f72d-8684-11df-9cb7-0024540c3527}\ not found.
File F:\iStudio.exe not found.
C:\ProgramData\~44687096r moved successfully.
C:\ProgramData\~44687096 moved successfully.
C:\ProgramData\44687096 moved successfully.
C:\ProgramData\42983160 moved successfully.
C:\ProgramData\~42983160 moved successfully.
C:\Users\Felix\Desktop\Windows Vista Recovery.lnk moved successfully.
C:\ProgramData\~42983160r moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05252011_230106

Das ist mein Script selbst, nicht der Output, der generiert wird, wenn du dieses Script anwendest :D

habs nochmal geändert ;)

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

2011/05/26 22:08:08.0723 4880 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/26 22:08:09.0176 4880 ================================================================================
2011/05/26 22:08:09.0176 4880 SystemInfo:
2011/05/26 22:08:09.0176 4880
2011/05/26 22:08:09.0176 4880 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/26 22:08:09.0176 4880 Product type: Workstation
2011/05/26 22:08:09.0176 4880 ComputerName: FELIX-PC
2011/05/26 22:08:09.0176 4880 UserName: Felix
2011/05/26 22:08:09.0176 4880 Windows directory: C:\Windows
2011/05/26 22:08:09.0176 4880 System windows directory: C:\Windows
2011/05/26 22:08:09.0176 4880 Processor architecture: Intel x86
2011/05/26 22:08:09.0176 4880 Number of processors: 2
2011/05/26 22:08:09.0176 4880 Page size: 0x1000
2011/05/26 22:08:09.0176 4880 Boot type: Normal boot
2011/05/26 22:08:09.0176 4880 ================================================================================
2011/05/26 22:08:09.0466 4880 Initialize success
2011/05/26 22:08:12.0793 4188 ================================================================================
2011/05/26 22:08:12.0793 4188 Scan started
2011/05/26 22:08:12.0793 4188 Mode: Manual;
2011/05/26 22:08:12.0793 4188 ================================================================================
2011/05/26 22:08:13.0295 4188 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/26 22:08:13.0349 4188 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/26 22:08:13.0394 4188 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/26 22:08:13.0424 4188 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/26 22:08:13.0463 4188 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/26 22:08:13.0524 4188 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/26 22:08:13.0601 4188 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/26 22:08:13.0674 4188 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/26 22:08:13.0716 4188 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/26 22:08:13.0741 4188 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/26 22:08:13.0787 4188 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/26 22:08:13.0824 4188 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/26 22:08:13.0855 4188 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/26 22:08:13.0888 4188 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/26 22:08:13.0987 4188 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/26 22:08:14.0031 4188 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/26 22:08:14.0074 4188 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/26 22:08:14.0173 4188 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/05/26 22:08:14.0332 4188 atikmdag (45c45796caad4f3354496530329a7b10) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/26 22:08:14.0477 4188 AVerAF15 (54c7c8498972379cff88973984497216) C:\Windows\system32\Drivers\AVerAF15.sys
2011/05/26 22:08:14.0553 4188 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/26 22:08:14.0599 4188 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/26 22:08:14.0635 4188 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/26 22:08:14.0698 4188 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/05/26 22:08:14.0729 4188 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/26 22:08:14.0772 4188 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/26 22:08:14.0808 4188 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/26 22:08:14.0841 4188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/26 22:08:14.0864 4188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/26 22:08:14.0908 4188 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/26 22:08:14.0933 4188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/26 22:08:14.0948 4188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/26 22:08:14.0967 4188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/26 22:08:15.0019 4188 BthEnum (c7065fa296c91bf054f421b0ebf93461) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/26 22:08:15.0035 4188 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/26 22:08:15.0072 4188 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/26 22:08:15.0093 4188 BTHPORT (1712d956e5a96f866d6791869e99b1d6) C:\Windows\system32\Drivers\BTHport.sys
2011/05/26 22:08:15.0147 4188 BTHUSB (66088e161e769d11c3134bc23d0e6144) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/26 22:08:15.0183 4188 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/26 22:08:15.0255 4188 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/26 22:08:15.0281 4188 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/26 22:08:15.0311 4188 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/26 22:08:15.0382 4188 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/26 22:08:15.0399 4188 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/26 22:08:15.0441 4188 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/26 22:08:15.0456 4188 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/26 22:08:15.0477 4188 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/26 22:08:15.0514 4188 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/26 22:08:15.0551 4188 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/26 22:08:15.0595 4188 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/26 22:08:15.0642 4188 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/26 22:08:15.0669 4188 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/26 22:08:15.0714 4188 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/26 22:08:15.0765 4188 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/26 22:08:15.0795 4188 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/26 22:08:15.0873 4188 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/26 22:08:15.0898 4188 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/26 22:08:15.0928 4188 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/26 22:08:15.0967 4188 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/26 22:08:15.0991 4188 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/26 22:08:16.0009 4188 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/26 22:08:16.0049 4188 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/26 22:08:16.0080 4188 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/26 22:08:16.0108 4188 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/26 22:08:16.0166 4188 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/26 22:08:16.0207 4188 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/26 22:08:16.0225 4188 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/26 22:08:16.0244 4188 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/26 22:08:16.0271 4188 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/26 22:08:16.0312 4188 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/26 22:08:16.0333 4188 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/26 22:08:16.0400 4188 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/05/26 22:08:16.0433 4188 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/26 22:08:16.0485 4188 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/26 22:08:16.0540 4188 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/26 22:08:16.0591 4188 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/26 22:08:16.0622 4188 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/26 22:08:16.0652 4188 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/26 22:08:16.0753 4188 IntcAzAudAddService (b4fd14f7b231e358bec6c71d1a6c2845) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/26 22:08:16.0936 4188 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/26 22:08:16.0964 4188 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/26 22:08:17.0019 4188 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/26 22:08:17.0060 4188 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/26 22:08:17.0081 4188 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/26 22:08:17.0123 4188 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/26 22:08:17.0143 4188 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/26 22:08:17.0182 4188 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/26 22:08:17.0199 4188 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/26 22:08:17.0224 4188 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/26 22:08:17.0245 4188 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/26 22:08:17.0268 4188 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/26 22:08:17.0315 4188 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
2011/05/26 22:08:17.0355 4188 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/26 22:08:17.0392 4188 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/26 22:08:17.0436 4188 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/26 22:08:17.0452 4188 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/26 22:08:17.0484 4188 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/26 22:08:17.0506 4188 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/26 22:08:17.0538 4188 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/26 22:08:17.0562 4188 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/26 22:08:17.0585 4188 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/26 22:08:17.0603 4188 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/26 22:08:17.0626 4188 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/26 22:08:17.0642 4188 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/26 22:08:17.0653 4188 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/26 22:08:17.0702 4188 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/26 22:08:17.0721 4188 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/26 22:08:17.0746 4188 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/26 22:08:17.0769 4188 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/26 22:08:17.0782 4188 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/26 22:08:17.0823 4188 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/26 22:08:17.0847 4188 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/26 22:08:17.0910 4188 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/26 22:08:17.0964 4188 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/26 22:08:18.0003 4188 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/26 22:08:18.0038 4188 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/26 22:08:18.0077 4188 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/26 22:08:18.0107 4188 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/26 22:08:18.0125 4188 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/26 22:08:18.0148 4188 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/26 22:08:18.0164 4188 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/26 22:08:18.0191 4188 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/26 22:08:18.0210 4188 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/26 22:08:18.0260 4188 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/26 22:08:18.0296 4188 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/26 22:08:18.0316 4188 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/26 22:08:18.0340 4188 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/26 22:08:18.0365 4188 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/26 22:08:18.0393 4188 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/26 22:08:18.0418 4188 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/26 22:08:18.0440 4188 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/26 22:08:18.0528 4188 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/05/26 22:08:18.0654 4188 NETw5v32 (7269039e216bdd863abf1850a0ffdbaf) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/05/26 22:08:18.0764 4188 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/26 22:08:18.0794 4188 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/26 22:08:18.0814 4188 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/26 22:08:18.0858 4188 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/26 22:08:18.0884 4188 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/26 22:08:18.0904 4188 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/26 22:08:18.0947 4188 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/26 22:08:18.0973 4188 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/26 22:08:19.0005 4188 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/26 22:08:19.0084 4188 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/26 22:08:19.0127 4188 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/26 22:08:19.0162 4188 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/26 22:08:19.0186 4188 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/26 22:08:19.0228 4188 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/26 22:08:19.0275 4188 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/26 22:08:19.0310 4188 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/26 22:08:19.0360 4188 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/26 22:08:19.0448 4188 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/26 22:08:19.0466 4188 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/26 22:08:19.0512 4188 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/26 22:08:19.0562 4188 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/26 22:08:19.0587 4188 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/26 22:08:19.0609 4188 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/26 22:08:19.0629 4188 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/26 22:08:19.0653 4188 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/26 22:08:19.0677 4188 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/26 22:08:19.0688 4188 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/26 22:08:19.0729 4188 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/26 22:08:19.0740 4188 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/26 22:08:19.0775 4188 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/26 22:08:19.0788 4188 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/26 22:08:19.0819 4188 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/26 22:08:19.0869 4188 RFCOMM (10536b0ad6f416fc7f1149977c28ccdc) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/26 22:08:19.0894 4188 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/26 22:08:20.0069 4188 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/26 22:08:20.0107 4188 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/26 22:08:20.0131 4188 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/26 22:08:20.0187 4188 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/26 22:08:20.0210 4188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/26 22:08:20.0251 4188 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/26 22:08:20.0270 4188 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/26 22:08:20.0290 4188 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/26 22:08:20.0321 4188 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/26 22:08:20.0337 4188 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/26 22:08:20.0351 4188 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/26 22:08:20.0362 4188 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/26 22:08:20.0395 4188 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/26 22:08:20.0419 4188 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/26 22:08:20.0456 4188 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/26 22:08:20.0489 4188 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/26 22:08:20.0524 4188 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/26 22:08:20.0575 4188 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
2011/05/26 22:08:20.0609 4188 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/26 22:08:20.0631 4188 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/26 22:08:20.0668 4188 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/26 22:08:20.0723 4188 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/26 22:08:20.0748 4188 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/26 22:08:20.0764 4188 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/26 22:08:20.0785 4188 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/26 22:08:20.0836 4188 SynTP (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/26 22:08:20.0912 4188 Tcpip (8a7ad2a214233f684242f289ed83ebc3) C:\Windows\system32\drivers\tcpip.sys
2011/05/26 22:08:20.0938 4188 Tcpip6 (8a7ad2a214233f684242f289ed83ebc3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/26 22:08:20.0999 4188 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/26 22:08:21.0024 4188 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/26 22:08:21.0049 4188 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/26 22:08:21.0085 4188 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/26 22:08:21.0100 4188 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/26 22:08:21.0140 4188 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/26 22:08:21.0172 4188 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/26 22:08:21.0190 4188 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/26 22:08:21.0214 4188 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/26 22:08:21.0243 4188 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/26 22:08:21.0273 4188 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/26 22:08:21.0301 4188 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/26 22:08:21.0325 4188 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/26 22:08:21.0344 4188 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/26 22:08:21.0369 4188 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/26 22:08:21.0447 4188 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/26 22:08:21.0520 4188 usbaudio (f89033df77b636621cf6b090f7e1913d) C:\Windows\system32\drivers\usbaudio.sys
2011/05/26 22:08:21.0568 4188 usbccgp (afb10a231254a1920c3bb4a0d02e1ca6) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/26 22:08:21.0605 4188 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/26 22:08:21.0628 4188 usbehci (44245742c4ed2eafd69020583424455b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/26 22:08:21.0648 4188 usbhub (db39b3f83af77bca019d7df6aaddbdae) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/26 22:08:21.0737 4188 USBMULCD (7b9a398725011a2bd0d0753cd73301e5) C:\Windows\system32\drivers\CM106.sys
2011/05/26 22:08:21.0770 4188 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/26 22:08:21.0787 4188 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/26 22:08:21.0815 4188 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/26 22:08:21.0858 4188 usbuhci (587809974e43cfad0ca0ef6e1d940ca9) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/26 22:08:21.0900 4188 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/26 22:08:21.0950 4188 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/26 22:08:22.0004 4188 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/26 22:08:22.0022 4188 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/26 22:08:22.0037 4188 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/26 22:08:22.0056 4188 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/26 22:08:22.0098 4188 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/26 22:08:22.0124 4188 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/26 22:08:22.0139 4188 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/26 22:08:22.0164 4188 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/26 22:08:22.0186 4188 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/26 22:08:22.0221 4188 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 22:08:22.0241 4188 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 22:08:22.0271 4188 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/26 22:08:22.0299 4188 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/26 22:08:22.0374 4188 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/26 22:08:22.0443 4188 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/26 22:08:22.0480 4188 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/26 22:08:22.0523 4188 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/26 22:08:22.0575 4188 yukonwlh (6d16a5c05d4fa06fade1d97580986803) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/26 22:08:22.0624 4188 MBR (0x1B8) (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
2011/05/26 22:08:22.0832 4188 ================================================================================
2011/05/26 22:08:22.0832 4188 Scan finished
2011/05/26 22:08:22.0832 4188 ================================================================================
2011/05/26 22:08:22.0841 5060 Detected object count: 0
2011/05/26 22:08:22.0841 5060 Actual detected object count: 0

icons sind auch wieder da, hab das unhide verwendet...

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Combofix Logfile:

Code:

ComboFix 11-05-26.01 - Felix 26.05.2011  22:29:33.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3036.1938 [GMT 2:00]

ausgeführt von:: c:\users\Felix\Desktop\cofi.exe.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\Config.ini

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-26 bis 2011-05-26  ))))))))))))))))))))))))))))))

.

.

2011-05-26 20:27 . 2011-05-26 20:27        --------        d-----w-        C:\32788R22FWJFW

2011-05-25 21:01 . 2011-05-25 21:01        --------        d-----w-        C:\_OTL

2011-05-24 23:39 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{46BB5CAF-5A22-44AD-A0DB-AD7859444F60}\mpengine.dll

2011-05-22 11:25 . 2011-05-22 11:25        --------        d-----w-        c:\users\Felix\AppData\Roaming\Malwarebytes

2011-05-22 11:25 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-22 11:25 . 2011-05-22 11:25        --------        d-----w-        c:\programdata\Malwarebytes

2011-05-22 11:25 . 2011-05-22 11:25        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-05-22 11:25 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-05-22 09:11 . 2011-05-22 09:11        --------        d-----w-        c:\users\Felix\AppData\Roaming\SUPERAntiSpyware.com

2011-05-22 09:11 . 2011-05-22 09:11        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com

2011-05-22 09:11 . 2011-05-25 17:11        --------        d-----w-        c:\program files\SUPERAntiSpyware

2011-05-22 08:29 . 2011-05-22 08:29        --------        d-----w-        C:\Samsung

2011-05-22 08:27 . 2011-05-22 08:27        --------        d-----w-        c:\windows\system32\NetsyncAgent

2011-05-22 00:38 . 2011-05-22 00:38        --------        d-----w-        c:\programdata\WindowsSearch

2011-05-15 10:54 . 2011-05-15 10:54        271360        ------w-        c:\program files\Microsoft Games\Age of Empires\UNINSTAL.EXE

2011-05-15 10:54 . 2011-05-15 10:54        2668544        ------w-        c:\program files\Microsoft Games\Age of Empires\SETUPENU.DLL

2011-05-15 10:52 . 2011-05-15 10:52        29184        ------w-        c:\program files\Microsoft Games\Age of Empires\data\closedpw.exe

2011-05-15 10:52 . 2011-05-15 10:52        211456        ------w-        c:\program files\Microsoft Games\Age of Empires\language.dll

2011-05-15 10:52 . 2011-05-15 10:52        1622016        ------w-        c:\program files\Microsoft Games\Age of Empires\Empires.exe

2011-05-15 10:52 . 2011-05-15 10:52        33280        ------w-        c:\program files\Microsoft Games\Age of Empires\AoEHlp.dll

2011-05-15 10:52 . 2011-05-15 10:52        27648        ------w-        c:\program files\Microsoft Games\Age of Empires\aelaunch.dll

2011-05-14 19:52 . 2011-05-14 19:52        --------        d-----w-        c:\users\Felix\AppData\Local\DDMSettings

2011-05-14 08:01 . 2011-05-14 08:01        --------        d-----w-        c:\program files\iPod

2011-05-14 08:01 . 2011-05-14 08:02        --------        d-----w-        c:\program files\iTunes

2011-05-14 07:59 . 2011-05-14 07:59        --------        d-----w-        c:\program files\Bonjour

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\system32\jdns_sd.dll

2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\system32\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\system32\dns-sd.exe

2011-04-30 06:01 . 2011-03-24 20:54        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2009-10-19 15:15        1345336        ----a-w-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-25 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-12 61440]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WinManager.lnk - c:\program files\Fujitsu Siemens\WinManager\WinManager.exe [2009-10-10 61440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2009-05-14 1516544]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]

S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]

S3 AVerAF15;AVerMedia A815;c:\windows\system32\Drivers\AVerAF15.sys [2009-04-13 281472]

S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-24 3666432]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 22025784

*NewlyCreated* - 36510703

*Deregistered* - 22025784

*Deregistered* - 36510703

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

yksvcs        REG_MULTI_SZ           yksvc

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to MP3 Converter - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\yfrsr6er.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-Cm106Sound - cm106.cpl

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-26 22:34

Windows 6.0.6001 Service Pack 1 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Zeit der Fertigstellung: 2011-05-26  22:35:30

ComboFix-quarantined-files.txt  2011-05-26 20:35

.

Vor Suchlauf: 11 Verzeichnis(se), 140.796.215.296 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 141.225.156.608 Bytes frei

.

- - End Of File - - D7C36141A676A59127EF797C0962D388

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

GMER Logfile:

Code:

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-27 20:06:55

Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1

Running: h68p4qm1.exe; Driver: C:\Users\Felix\AppData\Local\Temp\ugloypod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            81D00D64                                                                                         ZwCreateThread

SSDT            81D00D50                                                                                         ZwOpenProcess

SSDT            81D00D55                                                                                         ZwOpenThread

SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                               ZwTerminateProcess [0x8ABD7620]
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntoskrnl.exe!KeInsertQueue + 411                                                                 828BBA08 4 Bytes  [64, 0D, D0, 81]

.text           ntoskrnl.exe!KeInsertQueue + 5E1                                                                 828BBBD8 4 Bytes  [50, 0D, D0, 81]

.text           ntoskrnl.exe!KeInsertQueue + 5FD                                                                 828BBBF4 4 Bytes  [55, 0D, D0, 81]

.text           ntoskrnl.exe!KeInsertQueue + 811                                                                 828BBE08 4 Bytes  [20, 76, BD, 8A]

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x8E40F000, 0x258606, 0xE8000020]
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ea6bb2                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ea9200                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ea93e9                      

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ea9200 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)  
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Osma
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 20:15:31 on 27.05.2011
 

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit

Default Browser: Mozilla Corporation Firefox 4.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Cm106cpl" - "C-Media Corporation" - C:\Windows\System\cm106.cpl

"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\Felix\AppData\Local\Temp\catchme.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"WinManager.lnk" - ? - C:\Program Files\Fujitsu Siemens\WinManager\WinManager.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"SweetIM" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Messenger\SweetIM.exe

"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R720
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 145):
0x82800000 \SystemRoot\system32\ntoskrnl.exe
0x82BAA000 \SystemRoot\system32\hal.dll
0x8A00F000 \SystemRoot\system32\kdcom.dll
0x8A017000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8A077000 \SystemRoot\system32\PSHED.dll
0x8A088000 \SystemRoot\system32\BOOTVID.dll
0x8A090000 \SystemRoot\system32\CLFS.SYS
0x8A0D1000 \SystemRoot\system32\CI.dll
0x8A1B1000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A22D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A23A000 \SystemRoot\system32\drivers\acpi.sys
0x8A280000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8A289000 \SystemRoot\system32\drivers\msisadrv.sys
0x8A291000 \SystemRoot\system32\drivers\pci.sys
0x8A2B8000 \SystemRoot\System32\drivers\partmgr.sys
0x8A2C7000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A2CA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A2D4000 \SystemRoot\system32\drivers\volmgr.sys
0x8A2E3000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A32D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A403000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A4DE000 \SystemRoot\system32\drivers\atapi.sys
0x8A4E6000 \SystemRoot\system32\drivers\ataport.SYS
0x8A504000 \SystemRoot\system32\drivers\msahci.sys
0x8A50E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A51C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A54E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A55E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A5CF000 \SystemRoot\system32\drivers\ndis.sys
0x8A6DA000 \SystemRoot\system32\drivers\msrpc.sys
0x8A705000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A808000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A917000 \SystemRoot\system32\drivers\volsnap.sys
0x8A950000 \SystemRoot\System32\Drivers\spldr.sys
0x8A958000 \SystemRoot\System32\Drivers\mup.sys
0x8A967000 \SystemRoot\System32\drivers\ecache.sys
0x8A98E000 \SystemRoot\system32\drivers\disk.sys
0x8A99F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9C0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AAB1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AABC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E806000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8EC88000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8ED27000 \SystemRoot\System32\drivers\watchdog.sys
0x8ED34000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8ED46000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8ED51000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ED8F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F00F000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F398000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8F3E8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F3EC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ED9E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F00B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EDCE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EDD9000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EDF1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8EDF7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EE06000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EE34000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EE75000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EE80000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EE97000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EEA2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EEC5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EED4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EEE8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EEFD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F00D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EF0D000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EF37000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EF41000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EF4E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EF82000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EF93000 \SystemRoot\system32\drivers\HdAudio.sys
0x8EFD2000 \SystemRoot\system32\drivers\portcls.sys
0x8AAC5000 \SystemRoot\system32\drivers\drmk.sys
0x8F403000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F63A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F643000 \SystemRoot\System32\Drivers\Null.SYS
0x8F64A000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F65A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F661000 \SystemRoot\System32\drivers\vga.sys
0x8F66D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F68E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F696000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F69E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F6A9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F6B7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F6C0000 \SystemRoot\System32\drivers\tcpip.sys
0x8F7A9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8F7C4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F7DA000 \SystemRoot\system32\DRIVERS\smb.sys
0x8AAEA000 \SystemRoot\system32\drivers\afd.sys
0x8AB32000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8AB64000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F7EE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8AB7A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F651000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8AB8D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8E800000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8ABAF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8ABEB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8A73F000 \SystemRoot\System32\Drivers\dfsc.sys
0x8A756000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F657000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8A9C9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8A9E0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8A9E9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8A9F9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8AA01000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8AA22000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90809000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x908E4000 \SystemRoot\System32\Drivers\AVerAF15.sys
0x90929000 \SystemRoot\System32\Drivers\BdaSup.SYS
0x98830000 \SystemRoot\System32\win32k.sys
0x9092C000 \SystemRoot\System32\drivers\Dxapi.sys
0x90936000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9093F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98A50000 \SystemRoot\System32\TSDDD.dll
0x98A70000 \SystemRoot\System32\cdd.dll
0x9094E000 \SystemRoot\system32\drivers\luafv.sys
0x90969000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9097D000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0x90985000 \SystemRoot\system32\drivers\spsys.sys
0x90A34000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90A44000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90A6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x90A78000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x90A8B000 \SystemRoot\system32\drivers\HTTP.sys
0x90AF8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x90B15000 \SystemRoot\system32\DRIVERS\bowser.sys
0x90B2E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x90B43000 \SystemRoot\system32\drivers\mrxdav.sys
0x90B63000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x90B82000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x90BBB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x90BD3000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8AA2F000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D807000 \SystemRoot\system32\drivers\peauth.sys
0x9D8E5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D8EF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D8FB000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77BD0000 \Windows\System32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
592 csrss.exe
656 C:\Windows\System32\wininit.exe
668 csrss.exe
700 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
720 C:\Windows\System32\lsm.exe
868 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\Ati2evxx.exe
1064 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\winlogon.exe
1136 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\audiodg.exe
1264 C:\Windows\System32\SLsvc.exe
1316 C:\Windows\System32\svchost.exe
1448 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\taskeng.exe
1668 C:\Windows\System32\spoolsv.exe
1692 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1800 C:\Windows\System32\svchost.exe
280 C:\Windows\System32\Ati2evxx.exe
316 C:\Windows\System32\agrsmsvc.exe
864 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
880 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1092 C:\Program Files\Bonjour\mDNSResponder.exe
652 C:\Windows\System32\svchost.exe
2180 C:\Windows\System32\PnkBstrA.exe
2196 C:\Windows\System32\svchost.exe
2224 C:\Windows\System32\svchost.exe
2276 C:\Windows\System32\svchost.exe
2308 C:\Windows\System32\SearchIndexer.exe
2788 C:\Windows\servicing\TrustedInstaller.exe
3064 C:\Windows\System32\taskeng.exe
3088 C:\Windows\System32\dwm.exe
3128 C:\Windows\System32\taskeng.exe
3144 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
3168 C:\Windows\explorer.exe
3196 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
3276 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
3296 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
3304 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
3576 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3584 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3640 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3760 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3796 C:\Program Files\SweetIM\Messenger\SweetIM.exe
3848 C:\Program Files\iTunes\iTunesHelper.exe
3860 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3892 C:\Program Files\Windows Sidebar\sidebar.exe
3908 C:\Program Files\Windows Media Player\wmpnscfg.exe
3984 C:\Program Files\Windows Media Player\wmpnetwk.exe
3696 C:\Program Files\Mozilla Firefox\firefox.exe
1332 C:\Program Files\iPod\bin\iPodService.exe
2804 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1544 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4732 C:\Windows\System32\wuauclt.exe
4932 C:\Windows\System32\SearchProtocolHost.exe
904 C:\Windows\System32\SearchFilterHost.exe
1348 dllhost.exe
2928 dllhost.exe
2912 C:\Users\Felix\Desktop\MBRCheck.exe
2964 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`40100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`f0900000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM500JI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Zitat:

465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2

Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Vista installiert?
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.[/QUOTE]

Also alles davor hab ich hin bekommen. ich boote von der dvd aber dann fährt der ganz normal hoch. ich hab nirgens ein "computerreparaturoption oder eingabeaufforder"... kommen die im normalen vista oder noch unter bios?
ich finde auch nichts davon, wenn ich das recovery programm ausführe. der will nur meine treiber aktuallisieren...
ich bin zu blöd für sowas :stirn:

habs hin bekommen :D

GMER
GMER Logfile:

Code:

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-28 14:53:41

Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1

Running: h68p4qm1.exe; Driver: C:\Users\Felix\AppData\Local\Temp\ugloypod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8D4AF76C                                                                                         ZwCreateThread

SSDT            8D4AF758                                                                                         ZwOpenProcess

SSDT            8D4AF75D                                                                                         ZwOpenThread

SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                               ZwTerminateProcess [0x8ABA4620]
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntoskrnl.exe!KeInsertQueue + 411                                                                 82882A08 4 Bytes  [6C, F7, 4A, 8D]

.text           ntoskrnl.exe!KeInsertQueue + 5E1                                                                 82882BD8 4 Bytes  [58, F7, 4A, 8D]

.text           ntoskrnl.exe!KeInsertQueue + 5FD                                                                 82882BF4 4 Bytes  [5D, F7, 4A, 8D]

.text           ntoskrnl.exe!KeInsertQueue + 811                                                                 82882E08 4 Bytes  [20, 46, BA, 8A]

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x8E00A000, 0x258606, 0xE8000020]
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ea6bb2                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ea9200                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ea93e9                      

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ea9200 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)  
 

---- EOF - GMER 1.0.15 ----

--- --- ---
OSMA
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 15:04:36 on 28.05.2011
 

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit

Default Browser: Mozilla Corporation Firefox 4.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Cm106cpl" - "C-Media Corporation" - C:\Windows\System\cm106.cpl

"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\Felix\AppData\Local\Temp\catchme.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"WinManager.lnk" - ? - C:\Program Files\Fujitsu Siemens\WinManager\WinManager.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"SweetIM" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Messenger\SweetIM.exe

"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R720
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 145):
0x82810000 \SystemRoot\system32\ntoskrnl.exe
0x82BBA000 \SystemRoot\system32\hal.dll
0x8A000000 \SystemRoot\system32\kdcom.dll
0x8A008000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8A068000 \SystemRoot\system32\PSHED.dll
0x8A079000 \SystemRoot\system32\BOOTVID.dll
0x8A081000 \SystemRoot\system32\CLFS.SYS
0x8A0C2000 \SystemRoot\system32\CI.dll
0x8A1A2000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A21E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A22B000 \SystemRoot\system32\drivers\acpi.sys
0x8A271000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8A27A000 \SystemRoot\system32\drivers\msisadrv.sys
0x8A282000 \SystemRoot\system32\drivers\pci.sys
0x8A2A9000 \SystemRoot\System32\drivers\partmgr.sys
0x8A2B8000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A2BB000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A2C5000 \SystemRoot\system32\drivers\volmgr.sys
0x8A2D4000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A31E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A402000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A4DD000 \SystemRoot\system32\drivers\atapi.sys
0x8A4E5000 \SystemRoot\system32\drivers\ataport.SYS
0x8A503000 \SystemRoot\system32\drivers\msahci.sys
0x8A50D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A51B000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A54D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A55D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A5CE000 \SystemRoot\system32\drivers\ndis.sys
0x8A6D9000 \SystemRoot\system32\drivers\msrpc.sys
0x8A704000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A80B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A91A000 \SystemRoot\system32\drivers\volsnap.sys
0x8A953000 \SystemRoot\System32\Drivers\spldr.sys
0x8A95B000 \SystemRoot\System32\Drivers\mup.sys
0x8A96A000 \SystemRoot\System32\drivers\ecache.sys
0x8A991000 \SystemRoot\system32\drivers\disk.sys
0x8A9A2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9C3000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AAB4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AABF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E40B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8E88D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E92C000 \SystemRoot\System32\drivers\watchdog.sys
0x8E939000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E94B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E956000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E994000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EC04000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8EF8D000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8EFDD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8EFE1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EFF4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E9A3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EC00000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E9D3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E9DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E9F6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E9FC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EA0B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EA39000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EA7A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EA85000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EA9C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EAA7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EACA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EAD9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EAED000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EB02000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EC02000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EB12000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EB3C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EB46000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EB53000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EB87000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EB98000 \SystemRoot\system32\drivers\HdAudio.sys
0x8AAC8000 \SystemRoot\system32\drivers\portcls.sys
0x8EBD7000 \SystemRoot\system32\drivers\drmk.sys
0x8F005000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F23C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F245000 \SystemRoot\System32\Drivers\Null.SYS
0x8F24C000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F25C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F263000 \SystemRoot\System32\drivers\vga.sys
0x8F26F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F290000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F298000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F2A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F2AB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F2B9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F2C2000 \SystemRoot\System32\drivers\tcpip.sys
0x8F3AB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8F3C6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F3DC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8AAF5000 \SystemRoot\system32\drivers\afd.sys
0x8AB3D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8AB6F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F3F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8AB85000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F253000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8AB98000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8E400000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8ABBA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8A73E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8ABF6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8A755000 \SystemRoot\System32\Drivers\dfsc.sys
0x8A76C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8A800000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8A788000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8A798000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F259000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8A7A0000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8A32E000 \SystemRoot\System32\Drivers\AVerAF15.sys
0x8F000000 \SystemRoot\System32\Drivers\BdaSup.SYS
0x8A7C1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8A9CC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A9D9000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98450000 \SystemRoot\System32\win32k.sys
0x8A7CA000 \SystemRoot\System32\drivers\Dxapi.sys
0x8A7D4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98670000 \SystemRoot\System32\TSDDD.dll
0x98690000 \SystemRoot\System32\cdd.dll
0x8A7E3000 \SystemRoot\system32\drivers\luafv.sys
0x8A373000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8A387000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0x9B009000 \SystemRoot\system32\drivers\spsys.sys
0x9B0B8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9B0C8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9B0F2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B0FC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B10F000 \SystemRoot\system32\drivers\HTTP.sys
0x9B17C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B199000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B1B2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9B1C7000 \SystemRoot\system32\drivers\mrxdav.sys
0x9B1E7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B206000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B23F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B257000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B27E000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B2E2000 \SystemRoot\system32\drivers\peauth.sys
0x9B3C0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B3CA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B3D6000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77B30000 \Windows\System32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
440 C:\Windows\System32\smss.exe
508 csrss.exe
572 C:\Windows\System32\wininit.exe
584 csrss.exe
616 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\Ati2evxx.exe
1020 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\winlogon.exe
1164 C:\Windows\System32\audiodg.exe
1208 C:\Windows\System32\SLsvc.exe
1244 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\svchost.exe
1604 C:\Windows\System32\spoolsv.exe
1612 C:\Windows\System32\taskeng.exe
1644 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1660 C:\Windows\System32\svchost.exe
2016 C:\Windows\System32\Ati2evxx.exe
364 C:\Windows\System32\agrsmsvc.exe
380 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
460 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
468 C:\Program Files\Bonjour\mDNSResponder.exe
516 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\PnkBstrA.exe
1376 C:\Windows\System32\svchost.exe
304 C:\Windows\System32\svchost.exe
2076 C:\Windows\System32\svchost.exe
2096 C:\Windows\System32\SearchIndexer.exe
2820 C:\Windows\System32\dwm.exe
2832 C:\Windows\System32\taskeng.exe
2892 C:\Windows\explorer.exe
2916 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
2924 C:\Windows\System32\taskeng.exe
3140 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
3212 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
3224 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
3276 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
3408 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3428 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3444 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3584 C:\Windows\servicing\TrustedInstaller.exe
3712 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3732 C:\Program Files\SweetIM\Messenger\SweetIM.exe
3820 C:\Program Files\iTunes\iTunesHelper.exe
3840 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3908 C:\Program Files\Windows Sidebar\sidebar.exe
4076 C:\Program Files\Windows Media Player\wmpnscfg.exe
2120 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2516 C:\Program Files\Windows Media Player\wmpnetwk.exe
3864 C:\Program Files\iPod\bin\iPodService.exe
3816 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3240 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3164 C:\Program Files\Mozilla Firefox\firefox.exe
2704 C:\Program Files\Mozilla Firefox\plugin-container.exe
3348 C:\Windows\System32\wuauclt.exe
500 dllhost.exe
3852 dllhost.exe
3180 C:\Users\Felix\Desktop\MBRCheck.exe
3288 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`40100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`f0900000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM500JI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

SUPERAntiSpyware Scann-Protokoll
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generiert 05/29/2011 bei 11:15 AM

Version der Applikation : 4.53.1000

Version der Kern-Datenbank : 7162
Version der Spur-Datenbank : 4974

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:34:08

Gescannte Speicherelemente : 787
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 7301
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 160013
Erfasste Datei-Elemente : 0

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6710

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

29.05.2011 12:13:25
mbam-log-2011-05-29 (12-13-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 302835
Laufzeit: 56 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e3bee2cfb185e247a8712e19e6e26c8f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-29 11:45:39
# local_time=2011-05-29 01:45:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 87316 82176845 3726 0
# compatibility_mode=5892 16776573 100 100 0 144197866 0 0
# compatibility_mode=8192 67108863 100 0 154 154 0 0
# scanned=166120
# found=4
# cleaned=0
# scan_time=4400
C:\Program Files\Reviversoft\Driver Reviver\ASOHelper.dll a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Felix\Desktop\DriverReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Felix\Documents\Desktop1.iso a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Felix\Downloads\CWS.msi probably a variant of Win32/Agent.FMXSRZA trojan (unable to clean) 00000000000000000000000000000000 I

Zitat:

C:\Program Files\Reviversoft\Driver Reviver\ASOHelper.dll a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Felix\Desktop\DriverReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Felix\Documents\Desktop1.iso a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Felix\Downloads\CWS.msi probably a variant of Win32/Agent.FMXSRZA trojan (unable to clean) 00000000000000000000000000000000 I

Sind dir die Dateien bekannt? Stammt das aus vertrauenswürdigen Quellen?

also die ersten 3 ja... das is das recovery programm, mit dem ich den pc von der dvd gebootet habe... das 4te (cws) kenn ich ehrlich gesagt nicht... bzw weis nichmehr was das ist... lt "eigenschaften" hab ich das seit jan. aufm rechner...

soll ich das einfach löschen?

Zitat:

C:\Users\Felix\Downloads\CWS.msi

Bitte mal bei uns hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

ok, ich hoff ich habs richtig gemacht... müsste hochgeladen sein...

Lösch es, das ist Malware. => VirusTotal - Free Online Virus, Malware and URL Scanner
Ob du diese cws-msi ausgeführt hast weißt du aber nicht mehr oder?

also wenn dann nur im januar mal... jetzt in letzter zeit definitiv nicht...
ist gelöscht...

Gut. Rechner wieder im Lot?

joar soweit passt wieder alles :D

kann ich denn das ganze zeug wieder runter schmeißen, oder sollte ich da was behalten?

wenn du nix mehr hast würde ich mich an dieser stelle erst mal recht herzlich bedanken ;)
warn supper support.... weiter so

grüße felix

Ja die Tools können alle wieder runter.

Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.