Trojaner-Board


oltadela 23.05.2011 21:09

Found on the PC: SpyEyes / exploit EXP/CVE-2010-4452.A
 
Hello everyone,

I ended up in this forum by chance and via Google, and after several hours of reading and thinking it over I decided to ask for help. I apologize in advance for spelling mistakes - German is not my native language.

On Thursday, 19.05., after 14:00, while trying to log in to online banking, I saw this "message from the bank" about the abolition of iTANs for the first time. The window could not be closed, Alt+F4 closed IE as well - so on the 2nd attempt I clicked "Confirm". The bank page was accessible again and I entered the login data and pressed Enter. Nothing happened. At that point I already suspected something bad...
I quickly went to another bank where I have a different account - the same "message" appeared there! First I checked from another PC - this "message" does not appear there - logged in, changed the password.

Since then I have been trying to get rid of the "thing". First I phoned Avira GmbH and e-mailed back and forth several times - the last e-mail was on Friday, they could not find anything in the reports I had sent them... The weekend was a break (office PC). Today Avira reported:
------------------------------------
Beginne mit der Suche in 'C:\'
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-4f3badaf
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.A
Beginne mit der Suche in 'D:\' <HP_RECOVERY>

Beginne mit der Desinfektion:
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-4f3badaf
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.A
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b53b2c5.qua' verschoben!


Ende des Suchlaufs: Montag, 23. Mai 2011 10:09
Benötigte Zeit: 1:53:38 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

26081 Verzeichnisse wurden überprüft
741470 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
741469 Dateien ohne Befall
12651 Archive wurden durchsucht
0 Warnungen
1 Hinweise
---------------------------------

The problem was detected, I thought, and actually also removed... When I tried to start online banking, my "message" was back.
Avira did not find anything more, only hidden files... which I then removed... The "message" was still there...

In my panic (I have never had such problems and really have no knowledge of viruses etc.) I googled the file that Avira reported in the report and ended up here.

Before I dared to write here, I let Malware run over it. It reported SpyEyes. I had the files removed.
OTL has just finished. The reports follow right below.

I hope that someone can help me... The PC runs Vista, and I did everything as administrator...

Thank you in advance for your replies.
Mara

Report from Malware:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6654
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
 
23.05.2011 21:03:00
mbam-log-2011-05-23 (21-03-00).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 390525
Laufzeit: 1 Stunde(n), 50 Minute(n), 10 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
 
Infizierte Dateien:
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Sorry, posted multiple times

Here is the OTL report:
OTL Logfile:
Code:

OTL Extras logfile created on: 23.05.2011 21:23:52 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,53% Memory free
4,23 Gb Paging File | 3,14 Gb Available in Paging File | 74,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,35 Gb Total Space | 133,30 Gb Free Space | 59,15% Space Free | Partition Type: NTFS
Drive D: | 7,54 Gb Total Space | 2,28 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
 
Computer Name: MEIN_ARBEITS-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B213619-CE8F-4769-981F-C602F1FA58EB}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{222DF65F-E7C6-4DFA-B8B4-6FF4D3513D16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BA8692D-FCB0-4DD3-A2E0-19E231DC7732}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DD66591-E4C3-45A6-8114-F0688DF5CD75}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8E806442-76A0-4199-862F-1261E0FEE5D4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{ADA66A25-BD3C-4734-9531-05BD65CA0104}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF57D778-2E2A-43FD-98EC-23128180FE33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C26CEB2A-D5B7-41F2-9CF6-B2B7413DC65B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5044150-AB36-489C-85C3-579AE78442C3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EB6EB3E0-DF7A-452B-965A-548971C6A386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05740BE2-72EF-429B-9E5D-2B6FEECA0B28}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{05BDDA5F-4286-4DFC-B442-95E340ADA878}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15D85CC1-2407-4CF1-8F96-8E3B4C0687BD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{1E1D50FC-DCF2-429D-A9B7-6FD1CC095E45}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AEB939F-DC9E-425B-B29C-7A7B0144D948}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{3A3033BD-311B-4A6D-B13A-2A1C14052CA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AABD80B-337E-4F0D-813A-D7118F789BD3}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{7D100A2B-EE9A-4E0D-9449-BE494A610CB4}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{7EBDCEDB-3F52-4967-B9F1-635E2B4F366B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{9B486095-BC92-4574-8323-607CCD4C9829}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A6790671-C896-495F-A8E2-A9952EFD431E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{BBA335CC-8665-4CE1-817C-B1C03046ABB6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D243203B-5D8C-4C0D-B3EA-33E9AD6724DC}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{D6474DB5-D9D6-4C6C-A792-D437B5D34A49}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{024EF36A-1C3A-4696-B02A-AF653F21C521}C:\users\xxx\desktop\aufgeraeumt\sendetool-vcn.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\aufgeraeumt\sendetool-vcn.exe |
"TCP Query User{141D4B11-5DAB-48BC-AFE0-57B4DD0E33D8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5F589320-FB3D-42D0-95D9-548E7701E5B0}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"TCP Query User{66398D10-38ED-4F09-B030-8175FB1F8C31}E:\pmsdview.exe" = protocol=6 | dir=in | app=e:\pmsdview.exe |
"TCP Query User{9FDE60BB-6864-4AC7-A896-6414090F5C2A}C:\sierra\emperordadrdm\emperor.exe" = protocol=6 | dir=in | app=c:\sierra\emperordadrdm\emperor.exe |
"TCP Query User{BEE76208-6068-4AC7-B3A2-FC902AB8CD19}C:\program files\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |
"UDP Query User{34650647-07EF-4C0D-BB05-041D23F83BA0}E:\pmsdview.exe" = protocol=17 | dir=in | app=e:\pmsdview.exe |
"UDP Query User{64B4F7C1-E613-4396-AD4B-6DE5FDC272D1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{66A61FD5-9C66-4B17-9397-F56EBFA7FC2A}C:\program files\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |
"UDP Query User{CAABA174-6924-4140-B08F-F319C48FC2C8}C:\users\xxx\desktop\aufgeraeumt\sendetool-vcn.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\aufgeraeumt\sendetool-vcn.exe |
"UDP Query User{D0639038-EFD6-4DB9-8979-744F829E020C}C:\sierra\emperordadrdm\emperor.exe" = protocol=17 | dir=in | app=c:\sierra\emperordadrdm\emperor.exe |
"UDP Query User{E5862B83-A126-4542-8700-E190AEE17D8F}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7E75BB0E-21CD-42C5-9F8C-1C3A7C10E1F5}" = HotSpot Manager
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = DER ERSTE KAISER: Aufstieg des Reichs der Mitte
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9FA7A537-E6F6-4A6E-95B9-E4152756132D}" = hppCM1410LaserJetService
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AABE44D1-0B72-4C6B-9778-20B2317F8064}" = hpzTLBXFX
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B76A76EB-BCCA-4625-9C4C-1FFAE19E4772}" = ESU for Microsoft Vista
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DA5576B5-EF2A-4E3A-8763-FCA8BA84DA00}" = hppTLBXFXCM1410
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digital Camera Driver" = Digital Camera Driver
"EasyCash&Tax_is1" = EasyCash&Tax 1.52
"ECTPlugAnlagenverzeichnis_is1" = ECTPlugAnlagenverzeichnis 1.3
"ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular für Privatanwender und Unternehmer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESP1400_1410 Ben.handbuch" = ESP1400_1410 Ben.handbuch
"Farm Frenzy 3" = Farm Frenzy 3
"FreePDF_XP" = FreePDF XP (Remove only)
"FTP Commander" = FTP Commander
"Herrscher des Olymp - Zeus" = Herrscher des Olymp - Zeus
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"My Nail & Cosmetic Studio" = My Nail & Cosmetic Studio
"Netzmanager" = Netzmanager
"NVIDIA Drivers" = NVIDIA Drivers
"phase5" = phase5
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung SF-370_CF-370 Series" = Samsung SF-370_CF-370 Series
"SmartAudio" = SmartAudio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VideoLAN" = VideoLAN VLC media player 0.7.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.05.2011 04:18:58 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 10:34:11 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2011 12:33:27 | Computer Name = Mein_Arbeits-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19048 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 12b8  Anfangszeit: 01cc16409e2d488f  Zeitpunkt
 der Beendigung: 16
 
Error - 20.05.2011 01:59:44 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.05.2011 01:48:41 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.05.2011 04:24:51 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.05.2011 07:23:39 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.05.2011 08:50:35 | Computer Name = Mein_Arbeits-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: df4  Anfangszeit: 01cc1947489aa0f7  Zeitpunkt
 der Beendigung: 0
 
Error - 23.05.2011 08:52:29 | Computer Name = Mein_Arbeits-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 11d4  Anfangszeit: 01cc1948015b1397  Zeitpunkt
 der Beendigung: 63
 
Error - 23.05.2011 10:48:44 | Computer Name = Mein_Arbeits-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 10a4  Anfangszeit: 01cc194baf0ada97  Zeitpunkt
 der Beendigung: 78
 
[ Media Center Events ]
Error - 10.06.2008 03:22:29 | Computer Name = Mein_Arbeits-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ System Events ]
Error - 23.05.2011 08:33:01 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.05.2011 15:06:40 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
 
Error - 23.05.2011 15:08:04 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.05.2011 15:08:04 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.05.2011 15:08:04 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.05.2011 15:08:09 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 23.05.2011 15:08:10 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 23.05.2011 15:08:14 | Computer Name = Mein_Arbeits-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 23.05.2011 15:08:14 | Computer Name = Mein_Arbeits-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 169.254.101.16 deaktiviert,
 da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 23.05.2011 15:08:28 | Computer Name = Mein_Arbeits-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.101 deaktiviert,
 da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
 
< End of report >

--- --- ---


and the second one:

OTL Logfile:
Code:

OTL logfile created on: 23.05.2011 21:23:52 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Tamara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,53% Memory free
4,23 Gb Paging File | 3,14 Gb Available in Paging File | 74,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,35 Gb Total Space | 133,30 Gb Free Space | 59,15% Space Free | Partition Type: NTFS
Drive D: | 7,54 Gb Total Space | 2,28 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
 
Computer Name: MEIN_ARBEITS-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.23 21:18:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2011.05.20 07:16:28 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.04.27 09:01:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.16 12:27:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.09 09:02:37 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2011.03.08 12:03:07 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.11.30 19:19:36 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.11.30 19:19:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.16 11:32:48 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2010.04.12 09:13:08 | 000,142,336 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.04.28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007.06.26 21:27:46 | 000,312,320 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2007.05.04 13:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2007.04.24 03:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006.07.04 06:00:00 | 000,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBUE.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.23 21:18:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Automatisches LiveUpdate - Scheduler)
SRV - [2011.04.27 09:01:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 12:27:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.08 12:03:07 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.11.30 19:19:36 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.04.12 09:13:08 | 000,142,336 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.01.29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 09:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2007.04.24 03:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007.04.24 03:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007.01.09 23:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006.11.02 14:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 12:27:21 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.06.17 15:30:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.12.10 16:59:21 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2007.07.09 04:57:00 | 007,140,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.04.12 04:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.03.07 06:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.17 01:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 19:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.30 19:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.28 18:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.24 04:34:47 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.11.24 04:34:46 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.06.28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.04.05 09:58:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.09 14:33:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 14:33:34 | 000,000,000 | ---D | M]
 
[2008.12.01 15:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2011.05.19 14:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions
[2010.06.03 19:41:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.20 17:43:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.04.08 11:05:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.13 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.15 08:29:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.03 08:20:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.13 10:22:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.08.05 18:24:26 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [NapsterShell]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.23 21:18:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.05.23 16:29:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2011.05.23 16:29:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.23 16:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.23 16:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.23 16:29:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.23 16:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.23 13:50:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 13:50:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 13:50:44 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 13:50:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 13:50:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 13:50:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 13:50:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 13:50:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 13:50:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 13:50:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 13:50:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 13:50:43 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 13:50:43 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 13:50:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 13:50:43 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 13:50:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 13:50:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 13:50:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 13:50:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 13:50:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 13:50:42 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 13:50:42 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 13:50:42 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 13:50:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 13:50:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 13:50:42 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 13:50:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 13:50:41 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 13:50:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 13:50:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 13:50:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 13:50:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 13:50:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 13:50:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 13:50:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 13:50:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 13:50:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 13:50:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 13:50:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.23 13:49:06 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.23 13:49:06 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.05.23 13:49:06 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.05.23 13:49:06 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.05.23 13:49:06 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.05.23 13:49:06 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.05.23 13:49:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.05.23 13:49:04 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.05.23 13:49:04 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.05.23 13:49:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.05.23 13:49:03 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.05.23 13:49:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.05.23 13:49:03 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.23 13:49:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.05.23 13:49:03 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.05.23 13:49:03 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.05.23 13:49:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.05.23 13:49:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.23 13:49:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.23 13:49:02 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.05.23 13:49:02 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.05.23 13:49:02 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.05.23 13:46:52 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.05.23 13:46:52 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.05.23 13:46:52 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011.05.23 13:46:52 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.05.23 13:46:51 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.05.23 13:46:51 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.05.23 13:41:40 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011.05.23 13:41:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.05.23 13:41:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.05.23 13:41:36 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011.05.23 13:41:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.05.23 13:41:18 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.05.23 13:40:12 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011.05.23 08:07:10 | 003,663,960 | ---- | C] (TeamViewer GmbH) -- C:\Users\xxx\Desktop\customermodule_avira_support_de.exe
[2011.05.20 14:35:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.09 14:35:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.23 21:26:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.23 21:25:50 | 007,340,032 | -HS- | M] () -- C:\Users\xxx\ntuser.dat
[2011.05.23 21:18:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.05.23 21:09:25 | 000,054,318 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2011.05.23 21:09:16 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.05.23 21:08:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.23 21:06:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.05.23 21:06:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 21:06:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 21:06:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011.05.23 21:06:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.23 21:04:41 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.05.23 21:04:41 | 000,065,536 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.05.23 21:04:36 | 004,631,770 | -H-- | M] () -- C:\Users\xxx\AppData\Local\IconCache.db
[2011.05.23 16:29:06 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 14:24:51 | 000,194,304 | ---- | M] () -- C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
[2011.05.23 14:20:02 | 001,630,778 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011.05.23 14:20:02 | 000,701,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.23 14:20:02 | 000,656,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.23 14:20:02 | 000,153,002 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.23 14:20:02 | 000,125,776 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.23 14:13:36 | 000,896,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.23 13:50:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.05.23 13:50:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.05.23 13:50:45 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 13:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 13:50:44 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 13:50:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 13:50:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 13:50:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 13:50:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 13:50:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 13:50:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 13:50:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 13:50:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 13:50:43 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 13:50:43 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 13:50:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 13:50:43 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 13:50:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 13:50:43 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 13:50:43 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 13:50:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 13:50:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 13:50:42 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 13:50:42 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 13:50:42 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 13:50:42 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 13:50:42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 13:50:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 13:50:42 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 13:50:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 13:50:41 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 13:50:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 13:50:41 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 13:50:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 13:50:41 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 13:50:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 13:50:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 13:50:41 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 13:50:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 13:50:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 13:50:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 13:50:41 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.23 13:49:06 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.23 13:49:06 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.05.23 13:49:06 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.05.23 13:49:06 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.05.23 13:49:06 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.05.23 13:49:06 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.05.23 13:49:05 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.05.23 13:49:04 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.05.23 13:49:04 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.05.23 13:49:04 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.05.23 13:49:03 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.05.23 13:49:03 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.05.23 13:49:03 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.23 13:49:03 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.05.23 13:49:03 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.05.23 13:49:03 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.05.23 13:49:03 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.05.23 13:49:03 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.23 13:49:03 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.23 13:49:02 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.05.23 13:49:02 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.05.23 13:49:02 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.05.23 13:46:52 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.05.23 13:46:52 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.05.23 13:46:52 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011.05.23 13:46:52 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.05.23 13:46:52 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui
[2011.05.23 13:46:51 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.05.23 13:46:51 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.05.23 08:07:18 | 003,663,960 | ---- | M] (TeamViewer GmbH) -- C:\Users\xxx\Desktop\customermodule_avira_support_de.exe
[2011.05.23 07:57:02 | 000,240,128 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.18 15:37:11 | 000,001,152 | ---- | M] () -- C:\Users\xxx\Desktop\Ticker.html
[2011.05.10 13:36:16 | 000,013,877 | ---- | M] () -- C:\Users\xxx\Desktop\Kurz-mal-weg-de.ods
[2011.05.09 11:06:45 | 012,552,815 | ---- | M] () -- C:\Users\xxx\Desktop\Ohne Titel-1.psd
[2011.05.09 07:56:47 | 000,000,259 | ---- | M] () -- C:\Windows\win.ini
[2011.05.05 09:23:28 | 000,054,318 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
[2011.05.02 12:05:45 | 230,991,984 | ---- | M] () -- C:\Windows\MEMORY.DMP
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.23 16:29:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 13:50:43 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.05.10 13:36:14 | 000,013,877 | ---- | C] () -- C:\Users\xxx\Desktop\Kurz-mal-weg-de.ods
[2011.05.05 14:06:11 | 012,552,815 | ---- | C] () -- C:\Users\xxx\Desktop\Ohne Titel-1.psd
[2011.03.30 20:22:05 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011.03.30 20:22:05 | 000,000,250 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2010.12.13 19:19:44 | 004,631,770 | -H-- | C] () -- C:\Users\xxx\AppData\Local\IconCache.db
[2009.09.16 13:30:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.16 13:30:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.16 13:29:50 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009.09.16 13:29:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.16 11:44:52 | 000,003,235 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2009.04.13 14:42:37 | 000,000,094 | ---- | C] () -- C:\Users\xxx\AppData\Local\fusioncache.dat
[2009.02.14 22:46:23 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.02.14 22:46:23 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.02.09 19:52:19 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.02.09 19:52:19 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.02.09 19:52:19 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.02.09 19:52:19 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.02.09 19:52:19 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.02.09 19:52:19 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.02.09 19:52:19 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.02.09 19:52:19 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.02.09 19:52:19 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.02.09 19:52:19 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.02.09 19:52:19 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.02.09 19:52:19 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.02.09 19:52:19 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.02.09 19:52:19 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.02.09 19:52:19 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.02.09 19:52:19 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.02.09 19:52:19 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.02.09 19:52:19 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.02.09 19:52:19 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.02.09 19:50:33 | 000,000,025 | ---- | C] () -- C:\Windows\CDE ESP1400Euro.ini
[2008.11.21 20:03:24 | 000,000,492 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.09.17 21:47:54 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008.08.05 23:19:56 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.08.05 23:19:53 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.08.05 23:19:53 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.08.05 23:19:53 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.08.05 23:19:51 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.08.05 23:19:51 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.08.05 17:37:09 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008.08.05 17:37:09 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.08.05 17:37:08 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008.08.05 17:37:08 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008.08.05 17:37:08 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008.02.20 23:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2008.02.02 13:40:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.02.02 13:40:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2007.12.18 15:56:39 | 000,007,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2007.12.09 23:20:36 | 000,650,487 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\UserTile.png
[2007.12.09 12:13:35 | 000,054,318 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2007.12.08 22:08:10 | 000,054,318 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
[2007.12.08 20:54:02 | 000,013,734 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\wklnhst.dat
[2007.12.05 21:12:43 | 000,240,128 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.05 15:25:23 | 000,194,304 | ---- | C] () -- C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
[2007.08.20 11:01:39 | 000,111,045 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.08.20 09:49:27 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007.02.27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 17:33:31 | 000,701,768 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,153,002 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,896,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 001,630,778 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006.11.02 12:33:01 | 000,656,152 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,125,776 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006.11.02 12:23:31 | 000,000,259 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:33:50 | 000,056,880 | ---- | C] () -- C:\Windows\System32\scvideo.dll
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006.11.02 09:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006.11.02 09:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006.11.02 09:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006.11.02 09:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006.11.02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006.11.02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006.11.02 09:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006.11.02 09:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006.11.02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006.11.02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006.11.02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006.11.02 09:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006.11.02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006.11.02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006.11.02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006.11.02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006.11.02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006.11.02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006.11.02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006.11.02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006.11.02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006.11.02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006.11.02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006.11.02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006.11.02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006.11.02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006.11.02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006.11.02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006.11.02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006.11.02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006.11.02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006.11.02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006.03.10 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.07 14:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.12.23 10:53:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Alawar
[2010.12.14 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Crtuser
[2011.01.02 15:37:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2009.02.09 20:40:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EPSON
[2009.12.18 17:56:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Hemera
[2010.01.21 10:01:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2007.12.10 17:58:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PX24
[2009.12.06 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\T-Online
[2009.12.14 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Template
[2010.12.15 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Uniblue
[2007.12.10 16:46:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Visit-X
[2008.06.24 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\VX-Software2007
[2011.05.23 21:05:08 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E1F04E8D
 
< End of report >

--- --- ---

[/code]

Sorry, posted multiple times

Hello and good morning,

I'm sorry if I'm being too impatient...
Can anyone help me further?
Is my PC now free of malware? What should I do? :killpc:
The window with the "message" no longer appears, but I have reservations about moving freely on the Internet again...
Kind regards
Mara

cosinus 24.05.2011 14:10

Was that the first and only scan with Malwarebytes? Or have you scanned more often? If so, there is a log for every scan, so please post them all.

oltadela 24.05.2011 19:31

Hello Arne,

that was the first and only scan with Malwarebytes. Before that, several with Avira. I only read about Malwarebytes here. I'll run one right away and then post it.
Thanks for the reply :)
Kind regards
Mara

cosinus 24.05.2011 19:40

Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E1F04E8D
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

oltadela 24.05.2011 21:28

Malware is done now
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6654

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

24.05.2011 22:22:54
mbam-log-2011-05-24 (22-22-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 325421
Laufzeit: 1 Stunde(n), 38 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

The fixing starts tomorrow morning. Thank you! :)

oltadela 25.05.2011 08:33

I hope I did this correctly.
Here is the result:
Code:

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8eb1974-0de7-11dd-be13-001b24dad16c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8eb1974-0de7-11dd-be13-001b24dad16c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb89790b-f677-11dc-bc30-001b24dad16c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb89790b-f677-11dc-bc30-001b24dad16c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\ not found.
File F:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 05252011_093035
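
An added example (not part of the thread and not OTL's own code): a small Python parser for the fix-log format shown above. It groups result lines by target, so a "not found" that follows a successful deletion of the same key is not mistaken for a failure, and it surfaces any line it does not recognise. The sample log is constructed from the phrasings in the posted log, the GUID is a placeholder, and the function names are this example's own.

```python
import re

# Outcome phrasings that appear in the fix log posted above.
ITEM_RE = re.compile(
    r"^(?:(?P<kind>Registry key|File|ADS) )?(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)
VALUE_SET_RE = re.compile(r"^(?P<target>.+?) : value set successfully!$")
HOSTS_RE = re.compile(r"^(?P<target>HOSTS file) reset successfully$")
# Section headers and the version footer carry no per-item result.
SKIP_RE = re.compile(r"^(=+ .+ =+|OTL by OldTimer - .*)$")

# Constructed sample in the format of the posted log ({GUID-1} is a placeholder).
SAMPLE_LOG = r"""========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{GUID-1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{GUID-1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{GUID-1}\ not found.
File F:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""


def parse_fix_log(text):
    """Return (entries, unrecognized).

    entries is a list of (kind, target, outcome) tuples in log order;
    unrecognized holds every non-empty line that matched no known phrasing,
    so unexpected results are reviewed by hand instead of being dropped.
    """
    entries, unrecognized = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SKIP_RE.match(line):
            continue
        m = ITEM_RE.match(line)
        if m:
            entries.append((m.group("kind") or "Path", m.group("target"), m.group("outcome")))
            continue
        m = VALUE_SET_RE.match(line)
        if m:
            entries.append(("Registry value", m.group("target"), "value set"))
            continue
        m = HOSTS_RE.match(line)
        if m:
            entries.append(("File", m.group("target"), "reset"))
            continue
        unrecognized.append(line)
    return entries, unrecognized


def final_states(entries):
    """Collapse repeated lines per target.

    "changed": the target was deleted, moved, set or reset at least once.
    "absent":  every line for the target said "not found" (nothing to fix).
    """
    states = {}
    for _kind, target, outcome in entries:
        if outcome != "not found":
            states[target] = "changed"
        else:
            states.setdefault(target, "absent")
    return states


if __name__ == "__main__":
    entries, unrecognized = parse_fix_log(SAMPLE_LOG)
    for target, state in final_states(entries).items():
        print(f"{state:8} {target}")
    for line in unrecognized:
        print(f"REVIEW   {line}")
```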


cosinus 25.05.2011 10:16

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection prevents you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

oltadela 25.05.2011 11:15

I have done that:
Code:

2011/05/25 12:16:51.0012 5076        TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 12:16:51.0152 5076        ================================================================================
2011/05/25 12:16:51.0152 5076        SystemInfo:
2011/05/25 12:16:51.0152 5076       
2011/05/25 12:16:51.0152 5076        OS Version: 6.0.6002 ServicePack: 2.0
2011/05/25 12:16:51.0152 5076        Product type: Workstation
2011/05/25 12:16:51.0152 5076        ComputerName: MEIN_ARBEITS-PC
2011/05/25 12:16:51.0152 5076        UserName: xxx
2011/05/25 12:16:51.0152 5076        Windows directory: C:\Windows
2011/05/25 12:16:51.0152 5076        System windows directory: C:\Windows
2011/05/25 12:16:51.0152 5076        Processor architecture: Intel x86
2011/05/25 12:16:51.0152 5076        Number of processors: 2
2011/05/25 12:16:51.0152 5076        Page size: 0x1000
2011/05/25 12:16:51.0152 5076        Boot type: Normal boot
2011/05/25 12:16:51.0152 5076        ================================================================================
2011/05/25 12:16:52.0151 5076        Initialize success
2011/05/25 12:16:54.0163 4800        ================================================================================
2011/05/25 12:16:54.0163 4800        Scan started
2011/05/25 12:16:54.0163 4800        Mode: Manual;
2011/05/25 12:16:54.0163 4800        ================================================================================
2011/05/25 12:16:55.0083 4800        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/25 12:16:55.0161 4800        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/25 12:16:55.0208 4800        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/25 12:16:55.0255 4800        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/25 12:16:55.0302 4800        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/25 12:16:55.0395 4800        AFD            (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/25 12:16:55.0458 4800        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/25 12:16:55.0520 4800        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/25 12:16:55.0629 4800        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/25 12:16:55.0692 4800        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/25 12:16:55.0754 4800        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/25 12:16:55.0801 4800        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/25 12:16:55.0863 4800        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/25 12:16:55.0988 4800        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/25 12:16:56.0051 4800        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/25 12:16:56.0144 4800        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/25 12:16:56.0207 4800        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/25 12:16:56.0269 4800        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/25 12:16:56.0331 4800        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/25 12:16:56.0394 4800        BCM43XV        (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/25 12:17:10.0387 4800        ================================================================================
2011/05/25 12:17:10.0387 4800        Scan finished
2011/05/25 12:17:10.0387 4800        ================================================================================
2011/05/25 12:17:10.0418 4504        Detected object count: 0
2011/05/25 12:17:10.0418 4504        Actual detected object count: 0

I can access my documents (Eigene Dateien) without any problems. Should unhide be run?

cosinus 25.05.2011 13:23

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when an expert helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

oltadela 25.05.2011 18:45

Combofix Logfile:
Code:

ComboFix 11-05-24.06 - xxx 25.05.2011  19:14:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1117 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\scvideo.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-25 bis 2011-05-25  ))))))))))))))))))))))))))))))
.
.
2011-05-25 17:28 . 2011-05-25 17:28        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-25 17:12 . 2011-05-25 17:13        --------        d-----w-        C:\32788R22FWJFW
2011-05-25 14:02 . 2011-05-25 14:17        --------        d-----w-        C:\cofi
2011-05-25 07:30 . 2011-05-25 07:30        --------        d-----w-        C:\_OTL
2011-05-24 08:09 . 2011-05-24 08:09        --------        d-----w-        c:\program files\CCleaner
2011-05-23 14:29 . 2011-05-23 14:29        --------        d-----w-        c:\users\Tamara\AppData\Roaming\Malwarebytes
2011-05-23 14:29 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 14:29 . 2011-05-23 14:29        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-23 14:29 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-23 14:28 . 2011-05-23 14:29        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-23 11:49 . 2011-05-23 11:49        98816        ----a-w-        c:\windows\system32\mfps.dll
2011-05-23 11:46 . 2011-05-23 11:46        519680        ----a-w-        c:\windows\system32\d3d11.dll
2011-05-23 11:46 . 2011-05-23 11:46        369664        ----a-w-        c:\windows\system32\WMPhoto.dll
2011-05-23 11:46 . 2011-05-23 11:46        252928        ----a-w-        c:\windows\system32\dxdiag.exe
2011-05-23 11:46 . 2011-05-23 11:46        195584        ----a-w-        c:\windows\system32\dxdiagn.dll
2011-05-23 11:46 . 2011-05-23 11:46        974848        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2011-05-23 11:46 . 2011-05-23 11:46        321024        ----a-w-        c:\windows\system32\PhotoMetadataHandler.dll
2011-05-23 11:46 . 2011-05-23 11:46        189440        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2011-05-23 11:41 . 2010-08-26 16:34        1696256        ----a-w-        c:\windows\system32\gameux.dll
2011-05-23 11:41 . 2010-08-26 16:33        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-05-23 11:41 . 2010-08-26 14:23        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-23 11:41 . 2009-10-23 17:10        714240        ----a-w-        c:\windows\system32\timedate.cpl
2011-05-23 11:41 . 2010-10-19 04:27        7680        ----a-w-        c:\program files\Internet Explorer\iecompat.dll
2011-05-23 11:41 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-05-23 11:41 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-05-23 11:41 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-05-23 11:41 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-05-23 11:40 . 2009-09-10 14:58        1418752        ----a-w-        c:\program files\Windows Media Player\setup_wm.exe
2011-05-23 11:40 . 2009-09-10 14:58        310784        ----a-w-        c:\windows\system32\unregmp2.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-23 11:46 . 2011-05-23 11:46        4096        ----a-w-        c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2011-03-16 10:27 . 2010-12-13 15:29        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-15 06:43        1162240        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 06:43        1136640        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 06:43        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-03 13:25 . 2011-04-15 06:43        2041856        ----a-w-        c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 06:43        86528        ----a-w-        c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-09 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-09 81920]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-09 2460472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-9 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-30 339624]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
S2 iprip;RIP-Überwachung;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-24 5120]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avgntflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs        REG_MULTI_SZ          ntmssvc
LPDService        REG_MULTI_SZ          LPDSVC
ipripsvc        REG_MULTI_SZ          iprip
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23        452136        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 17:15]
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 17:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\1rbesmy0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-25 19:28
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  msnmsgr = "c:\program files\MSN Messenger\msnmsgr.exe" /background?g
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-55491585-2591372671-1561957175-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-25  19:37:43
ComboFix-quarantined-files.txt  2011-05-25 17:37
.
Vor Suchlauf: 12 Verzeichnis(se), 142.066.016.256 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 141.998.055.424 Bytes frei
.
- - End Of File - - D6BBBB1A9107002507B8B14F9EB2D6CB

--- --- ---

cosinus 25.05.2011 21:23

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool takes only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

oltadela 26.05.2011 09:51

GMER Logfile:
Code:

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-26 09:55:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: 7twej4gl.exe; Driver: C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys


---- System - GMER 1.0.15 ----

SSDT            88F27DEB                                                                                            ZwLoadDriver
SSDT            88F27DF0                                                                                            ZwSetSystemInformation
SSDT            88F27DAF                                                                                            ZwTerminateProcess
SSDT            88F27DAA                                                                                            ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 37D                                                                        826F1B00 4 Bytes  [EB, 7D, F2, 88]
.text          ntkrnlpa.exe!KeSetEvent + 5DD                                                                        826F1D60 4 Bytes  [F0, 7D, F2, 88]
.text          ntkrnlpa.exe!KeSetEvent + 621                                                                        826F1DA4 4 Bytes  [AF, 7D, F2, 88]
.text          ntkrnlpa.exe!KeSetEvent + 681                                                                        826F1E04 4 Bytes  [AA, 7D, F2, 88]
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                            section is writeable [0x8C800340, 0x3481E7, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [742A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [742FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [742ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [7429F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [742A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7429E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [742D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [742ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [7429FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7429FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [742971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [7432CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [742CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [7429D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [74296853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7429687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [742A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---




OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 10:26:13 on 26.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\xxx\AppData\Local\Temp\catchme.sys  (File not found)
"Coach Digital Camera on USB" (CoachUsb) - "FotoNation Ltd." - C:\Windows\System32\DRIVERS\CoachUsb.sys
"Coach Video Capture" (CoachVc) - "Accapella Ltd." - C:\Windows\System32\DRIVERS\CoachVc.sys
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"fwtiipog" (fwtiipog) - ? - C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys  (Hidden registry entry, rootkit activity | File not found)
"Generic Virtual HID Driver" (vhidmini) - ? - C:\Windows\System32\DRIVERS\walvhid.sys  (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Splitcam, WDM Camera Stream Splitter" (SPLITCAM) - "LoteSoft Co." - C:\Windows\System32\DRIVERS\splitcam.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"Tablet Mouse Filter Driver" (moufiltr) - ? - C:\Windows\System32\DRIVERS\moufiltr.sys  (File not found)
"Telekom Netzmanager Packet Filter Driver" (TelekomNM3) - ? - C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.exe.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"HP Health Check Scheduler" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP LaserJet Professional CM1410 Series Fax" - "Hewlett-Packard Company" - C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"HPUsageTracking" - " " - C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ToolboxFX" - "Hewlett-Packard Company" - "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
"WAWifiMessage" - "Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Fax Port" - "Hewlett-Packard Company" - C:\Windows\system32\hppfaxprintermon5.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP LaserJet Service" (HP LaserJet Service) - "HP" - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"Symantec RemoteAssist" (Symantec RemoteAssist) - "Symantec, Inc." - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
"Windows Live Setup Service" (WLSetupSvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\SVEN00~1.SCR  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index


MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        Quanta
BIOS Manufacturer:                Hewlett-Packard
System Manufacturer:                Hewlett-Packard
System Product Name:                HP Pavilion dv9500 Notebook PC
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 160):
  0x82645000 \SystemRoot\system32\ntkrnlpa.exe
  0x82612000 \SystemRoot\system32\hal.dll
  0x80402000 \SystemRoot\system32\kdcom.dll
  0x80409000 \SystemRoot\system32\PSHED.dll
  0x8041A000 \SystemRoot\system32\BOOTVID.dll
  0x80422000 \SystemRoot\system32\CLFS.SYS
  0x80463000 \SystemRoot\system32\CI.dll
  0x80543000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80606000 \SystemRoot\system32\drivers\acpi.sys
  0x8064C000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80655000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8065D000 \SystemRoot\system32\drivers\pci.sys
  0x80684000 \SystemRoot\System32\drivers\partmgr.sys
  0x80693000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80696000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x806A0000 \SystemRoot\system32\drivers\volmgr.sys
  0x806AF000 \SystemRoot\System32\drivers\volmgrx.sys
  0x806F9000 \SystemRoot\system32\drivers\pciide.sys
  0x80700000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8070E000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8071E000 \SystemRoot\system32\drivers\atapi.sys
  0x80726000 \SystemRoot\system32\drivers\ataport.SYS
  0x80744000 \SystemRoot\system32\drivers\fltmgr.sys
  0x80776000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80786000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8078F000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x88003000 \SystemRoot\system32\drivers\ndis.sys
  0x8810E000 \SystemRoot\system32\drivers\msrpc.sys
  0x88139000 \SystemRoot\system32\drivers\NETIO.SYS
  0x88209000 \SystemRoot\System32\drivers\tcpip.sys
  0x882F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8840D000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8851D000 \SystemRoot\system32\drivers\wd.sys
  0x88525000 \SystemRoot\system32\drivers\volsnap.sys
  0x8855E000 \SystemRoot\System32\Drivers\spldr.sys
  0x88566000 \SystemRoot\System32\Drivers\mup.sys
  0x88575000 \SystemRoot\System32\drivers\ecache.sys
  0x8859C000 \SystemRoot\system32\drivers\disk.sys
  0x885AD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x885CE000 \SystemRoot\system32\drivers\crcdisk.sys
  0x88400000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x885F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8830E000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x8831E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x88322000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
  0x88325000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x88335000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8833C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x88345000 \SystemRoot\system32\DRIVERS\nvsmu.sys
  0x88348000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x88352000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x88390000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C409000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
  0x8C50A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8C597000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8C5A7000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8C5B5000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x8C5CF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
  0x8C5DE000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
  0x8839F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x88174000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C60F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
  0x8C800000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8CED0000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8CF70000 \SystemRoot\System32\drivers\watchdog.sys
  0x8CF7C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8CF8F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8CF9A000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8CFC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8CFC7000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8CFD2000 \SystemRoot\system32\DRIVERS\serscan.sys
  0x8C695000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8C6C4000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8CFDA000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8CFE5000 \SystemRoot\system32\DRIVERS\splitcam.sys
  0x8CFEE000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8C705000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8C72F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8C746000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8C751000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8C774000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8C783000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8C797000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8C7AC000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8CFFB000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8C7BC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8C7C6000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8C7D3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8818C000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8C7DC000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x881C1000 \SystemRoot\system32\drivers\CHDART.sys
  0x805CC000 \SystemRoot\system32\drivers\portcls.sys
  0x8D602000 \SystemRoot\system32\drivers\drmk.sys
  0x8D627000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8D664000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8D807000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8D8BB000 \SystemRoot\system32\drivers\modem.sys
  0x8D8C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8D8DF000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8D900000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8D909000 \SystemRoot\System32\Drivers\Null.SYS
  0x8D910000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8D917000 \SystemRoot\System32\drivers\vga.sys
  0x8D923000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8D944000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8D94C000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8D954000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8D95F000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8D96D000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8D976000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8D98C000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8D9A0000 \SystemRoot\system32\drivers\afd.sys
  0x8D767000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8D9E8000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x8D799000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8D9F1000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8D800000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
  0x8D7AF000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8D7C2000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8DA0B000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8DA47000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8DA51000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8DA68000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8DA8E000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8DA9B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8DAA6000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x96650000 \SystemRoot\System32\win32k.sys
  0x8DAAE000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8DAB8000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x96870000 \SystemRoot\System32\TSDDD.dll
  0x96890000 \SystemRoot\System32\cdd.dll
  0x968A0000 \SystemRoot\System32\ATMFD.DLL
  0x8DAC7000 \SystemRoot\system32\drivers\luafv.sys
  0x8DAEA000 \SystemRoot\system32\drivers\spsys.sys
  0x8DB9A000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8DBAA000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8DBD4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8DBDE000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9DE00000 \SystemRoot\system32\drivers\HTTP.sys
  0x9DE6D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9DE8A000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9DEA3000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9DEB8000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9DED9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9DEF8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9DF31000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9DF49000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9DF71000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9DFD8000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9DFC0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9DFEE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA180D000 \SystemRoot\system32\drivers\peauth.sys
  0xA18EB000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA18F5000 \??\C:\Windows\system32\Drivers\SSPORT.sys
  0xA18FC000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA1908000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA1910000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xA1938000 \??\C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys
  0x77590000 \Windows\System32\ntdll.dll

Processes (total 82):
      0 System Idle Process
      4 System
    428 C:\Windows\System32\smss.exe
    560 csrss.exe
    612 C:\Windows\System32\wininit.exe
    624 csrss.exe
    656 C:\Windows\System32\services.exe
    672 C:\Windows\System32\lsass.exe
    680 C:\Windows\System32\lsm.exe
    828 C:\Windows\System32\winlogon.exe
    848 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\audiodg.exe
    1260 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\SLsvc.exe
    1320 C:\Windows\System32\svchost.exe
    1480 C:\Windows\System32\svchost.exe
    1700 C:\Windows\System32\spoolsv.exe
    1728 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1740 C:\Windows\System32\svchost.exe
    2036 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    276 C:\Windows\System32\svchost.exe
    316 HP1006MC.EXE
    336 C:\Windows\System32\CISVC.EXE
    368 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    972 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1996 C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    2064 C:\Windows\System32\svchost.exe
    2080 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2108 C:\Windows\System32\svchost.exe
    2124 C:\Windows\System32\svchost.exe
    2152 C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
    2200 C:\Windows\System32\svchost.exe
    2220 C:\Windows\System32\svchost.exe
    2244 C:\Windows\System32\TCPSVCS.EXE
    2264 C:\Windows\System32\svchost.exe
    2308 C:\Windows\System32\svchost.exe
    2344 C:\Windows\System32\svchost.exe
    2380 C:\Windows\System32\SearchIndexer.exe
    2572 C:\Windows\System32\drivers\XAudio.exe
    2708 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    3104 C:\Windows\System32\dwm.exe
    3152 C:\Windows\System32\taskeng.exe
    3160 C:\Windows\explorer.exe
    3204 C:\Windows\System32\taskeng.exe
    3596 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    3628 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    1352 C:\Windows\System32\alg.exe
    3432 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2056 C:\Program Files\HP\QuickPlay\QPService.exe
    2316 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    1256 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    1248 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    1180 C:\Program Files\FreePDF_XP\fpassist.exe
    2256 C:\Program Files\HP\HP UT\bin\hppusg.exe
    2964 C:\Windows\System32\rundll32.exe
    1296 C:\Windows\WindowsMobile\wmdSync.exe
    3392 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    2824 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2508 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1300 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
    2196 C:\Windows\ehome\ehtray.exe
    2368 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1304 C:\Windows\System32\rundll32.exe
    3660 WmiPrvSE.exe
    1976 C:\Windows\System32\svchost.exe
    3836 C:\Windows\System32\wbem\unsecapp.exe
    3936 C:\Program Files\Windows Media Player\wmpnscfg.exe
    880 C:\Windows\ehome\ehmsas.exe
    4196 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4464 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    6024 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    4960 C:\Windows\System32\conime.exe
    4028 C:\Windows\System32\svchost.exe
    4868 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    476 C:\Windows\System32\SearchProtocolHost.exe
    3968 C:\Windows\System32\SearchFilterHost.exe
    3084 C:\Windows\System32\SearchProtocolHost.exe
    5236 C:\Users\xxx\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`561f5200  (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

I now have the window with that last question open... what should I do with it?

cosinus 26.05.2011 10:36

We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Vista?
If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD).

If you have a regular Vista installation DVD, you don't need the image mentioned above and can simply boot from the Vista DVD.

Click Repair your computer, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD beforehand. Afterwards, create new logs with MBRCheck and, if possible, GMER.
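
One way to check the result of the repair described above, added here as an example that is not part of the original post: a parser that compares an MBRCheck log taken before the repair with one taken after it. The log excerpts are shortened from the two MBRCheck 1.2.3 logs in this thread; the function names and the "outside the Windows directory" heuristic are assumptions of this example.

```python
import re

# Shortened excerpts of the two MBRCheck 1.2.3 logs posted in this thread
# (before and after the bootrec repair); most driver lines are omitted.
BEFORE = r"""
Kernel Drivers (total 160):
  0x82645000 \SystemRoot\system32\ntkrnlpa.exe
  0x8071E000 \SystemRoot\system32\drivers\atapi.sys
  0xA18F5000 \??\C:\Windows\system32\Drivers\SSPORT.sys
  0xA1938000 \??\C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys
  0x77590000 \Windows\System32\ntdll.dll

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC

Found non-standard or infected MBR.
"""
AFTER = r"""
Kernel Drivers (total 160):
  0x8260D000 \SystemRoot\system32\ntkrnlpa.exe
  0x8071F000 \SystemRoot\system32\drivers\atapi.sys
  0xA2EE9000 \??\C:\Windows\system32\Drivers\SSPORT.sys
  0xA2F2A000 \SystemRoot\system32\drivers\MSPQM.sys
  0x779C0000 \Windows\System32\ntdll.dll

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
"""

DRIVER_RE = re.compile(r"^\s*0x([0-9A-Fa-f]{8})\s+(\S.*?)\s*$")
DISK_RE = re.compile(r"^\s*(\d+\s+[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")
# Assumption of this example: Windows lives in a directory named "Windows".
SYSTEM_DIR_RE = re.compile(r"^(\\systemroot\\|\\windows\\|\\\?\?\\[a-z]:\\windows\\)")


def parse_mbrcheck(text):
    """Extract loaded driver images, per-disk MBR status/SHA1 and the verdict line."""
    drivers, disks = {}, []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            # Lower-case the path: Windows paths compare case-insensitively.
            drivers[m.group(2).lower()] = int(m.group(1), 16)
            continue
        m = DISK_RE.match(line)
        if m:
            disks.append({"device": m.group(2), "size": m.group(1),
                          "status": m.group(3), "sha1": None})
            continue
        m = SHA1_RE.match(line)
        if m and disks:
            disks[-1]["sha1"] = m.group(1).upper()  # hash belongs to the disk above it
    flagged = "Found non-standard or infected MBR" in text
    return {"drivers": drivers, "disks": disks, "flagged": flagged}


def drivers_outside_windows(report):
    """Driver images loaded from outside the Windows directory.

    A hit is a prompt to check, not a verdict: in this thread the GMER log
    names the Temp file fwtiipog.sys as GMER's own driver.
    """
    return sorted(p for p in report["drivers"] if not SYSTEM_DIR_RE.match(p))


def compare(before, after):
    """Report what changed between two parsed MBRCheck logs."""
    after_disks = {d["device"]: d for d in after["disks"]}
    mbr_changes = []
    for d in before["disks"]:
        a = after_disks.get(d["device"])
        old = (d["status"], d["sha1"])
        new = (a["status"], a["sha1"]) if a else None
        if old != new:
            mbr_changes.append({"device": d["device"], "before": old, "after": new})
    return {
        "mbr_changes": mbr_changes,
        "drivers_added": sorted(set(after["drivers"]) - set(before["drivers"])),
        "drivers_removed": sorted(set(before["drivers"]) - set(after["drivers"])),
        "still_flagged": after["flagged"],
    }


if __name__ == "__main__":
    b, a = parse_mbrcheck(BEFORE), parse_mbrcheck(AFTER)
    result = compare(b, a)
    for change in result["mbr_changes"]:
        print(change["device"], change["before"], "->", change["after"])
    print("drivers added:  ", result["drivers_added"])
    print("drivers removed:", result["drivers_removed"])
    print("outside Windows dir (after):", drivers_outside_windows(a))
    print("MBR still flagged:", result["still_flagged"])
```
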

oltadela 26.05.2011 16:28

Hello Arne,

after 2 attempts I had the CD burned, but my PC wouldn't boot from the CD. It only worked after restarting 5 or 6 times... suddenly...
Well, here are the results:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        Quanta
BIOS Manufacturer:                Hewlett-Packard
System Manufacturer:                Hewlett-Packard
System Product Name:                HP Pavilion dv9500 Notebook PC
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 160):
  0x8260D000 \SystemRoot\system32\ntkrnlpa.exe
  0x829C7000 \SystemRoot\system32\hal.dll
  0x80404000 \SystemRoot\system32\kdcom.dll
  0x8040B000 \SystemRoot\system32\PSHED.dll
  0x8041C000 \SystemRoot\system32\BOOTVID.dll
  0x80424000 \SystemRoot\system32\CLFS.SYS
  0x80465000 \SystemRoot\system32\CI.dll
  0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80607000 \SystemRoot\system32\drivers\acpi.sys
  0x8064D000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80656000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8065E000 \SystemRoot\system32\drivers\pci.sys
  0x80685000 \SystemRoot\System32\drivers\partmgr.sys
  0x80694000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80697000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x806A1000 \SystemRoot\system32\drivers\volmgr.sys
  0x806B0000 \SystemRoot\System32\drivers\volmgrx.sys
  0x806FA000 \SystemRoot\system32\drivers\pciide.sys
  0x80701000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8070F000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8071F000 \SystemRoot\system32\drivers\atapi.sys
  0x80727000 \SystemRoot\system32\drivers\ataport.SYS
  0x80745000 \SystemRoot\system32\drivers\fltmgr.sys
  0x80777000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80787000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8800E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8807F000 \SystemRoot\system32\drivers\ndis.sys
  0x8818A000 \SystemRoot\system32\drivers\msrpc.sys
  0x881B5000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8820B000 \SystemRoot\System32\drivers\tcpip.sys
  0x882F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8840C000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8851C000 \SystemRoot\system32\drivers\wd.sys
  0x88524000 \SystemRoot\system32\drivers\volsnap.sys
  0x8855D000 \SystemRoot\System32\Drivers\spldr.sys
  0x88565000 \SystemRoot\System32\Drivers\mup.sys
  0x88574000 \SystemRoot\System32\drivers\ecache.sys
  0x8859B000 \SystemRoot\system32\drivers\disk.sys
  0x885AC000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x885CD000 \SystemRoot\system32\drivers\crcdisk.sys
  0x88400000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x885F6000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x88310000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x88320000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x88324000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
  0x88327000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x88337000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8833E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x88347000 \SystemRoot\system32\DRIVERS\nvsmu.sys
  0x8834A000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x88354000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x88392000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8BA03000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
  0x8BB04000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8BB91000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8BBA1000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8BBAF000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x8BBC9000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
  0x8BBD8000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
  0x883A1000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x80790000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8BE0C000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
  0x8C00E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8C6DE000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8C77E000 \SystemRoot\System32\drivers\watchdog.sys
  0x8C78A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8C79D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8C7A8000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8C7D3000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8C7D5000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C7E0000 \SystemRoot\system32\DRIVERS\serscan.sys
  0x8BE92000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8BEC1000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8C7E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8C7F3000 \SystemRoot\system32\DRIVERS\splitcam.sys
  0x8C000000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8BF02000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8BF2C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8BF43000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8BF4E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BF71000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8BF80000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8BF94000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8BFA9000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8C7FC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8BFB9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8BFC3000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8BFD0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x807A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8BFD9000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x805CE000 \SystemRoot\system32\drivers\CHDART.sys
  0x8CE02000 \SystemRoot\system32\drivers\portcls.sys
  0x8CE2F000 \SystemRoot\system32\drivers\drmk.sys
  0x8CE54000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8CE91000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8D000000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8D0B4000 \SystemRoot\system32\drivers\modem.sys
  0x8D0C1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8D0D8000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8D0F9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8D102000 \SystemRoot\System32\Drivers\Null.SYS
  0x8D109000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8D110000 \SystemRoot\System32\drivers\vga.sys
  0x8D11C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8D13D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8D145000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8D14D000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8D158000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8D166000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8D16F000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8D185000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8D199000 \SystemRoot\system32\drivers\afd.sys
  0x8CF94000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8D1E1000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x8D1EA000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8CFC6000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8CFD4000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
  0x8CFD6000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8CFE9000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8D204000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8D240000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8D24A000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8D261000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8D287000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8D294000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8D29F000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x95CA0000 \SystemRoot\System32\win32k.sys
  0x8D2A7000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8D2B1000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x95EC0000 \SystemRoot\System32\TSDDD.dll
  0x95EE0000 \SystemRoot\System32\cdd.dll
  0x95EF0000 \SystemRoot\System32\ATMFD.DLL
  0x8D2C0000 \SystemRoot\system32\drivers\luafv.sys
  0x8D2E3000 \SystemRoot\system32\drivers\spsys.sys
  0x8D393000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8D3A3000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8D3CD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8D3D7000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9E00D000 \SystemRoot\system32\drivers\HTTP.sys
  0x9E07A000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9E097000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9E0B0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9E0C5000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9E0E6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9E105000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9E13E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9E156000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9E17E000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9E1E5000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9E1CD000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9E1FB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA2E01000 \SystemRoot\system32\drivers\peauth.sys
  0xA2EDF000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA2EE9000 \??\C:\Windows\system32\Drivers\SSPORT.sys
  0xA2EF0000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA2EFC000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA2F04000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xA2F2A000 \SystemRoot\system32\drivers\MSPQM.sys
  0x779C0000 \Windows\System32\ntdll.dll

Processes (total 79):
      0 System Idle Process
      4 System
    408 C:\Windows\System32\smss.exe
    476 csrss.exe
    528 C:\Windows\System32\wininit.exe
    540 csrss.exe
    572 C:\Windows\System32\services.exe
    588 C:\Windows\System32\lsass.exe
    600 C:\Windows\System32\lsm.exe
    688 C:\Windows\System32\winlogon.exe
    784 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\audiodg.exe
    1168 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\SLsvc.exe
    1232 C:\Windows\System32\svchost.exe
    1396 C:\Windows\System32\svchost.exe
    1624 C:\Windows\System32\spoolsv.exe
    1648 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1660 C:\Windows\System32\svchost.exe
    1948 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1988 C:\Windows\System32\svchost.exe
    2000 C:\Windows\System32\CISVC.EXE
    2016 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    200 HP1006MC.EXE
    336 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    288 C:\Windows\System32\taskeng.exe
    1324 C:\Windows\System32\dwm.exe
    520 C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    2064 C:\Windows\explorer.exe
    2148 C:\Windows\System32\svchost.exe
    2164 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2228 C:\Windows\System32\svchost.exe
    2248 C:\Windows\System32\svchost.exe
    2280 C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
    2352 C:\Windows\System32\svchost.exe
    2396 C:\Windows\System32\svchost.exe
    2484 C:\Windows\System32\TCPSVCS.EXE
    2508 C:\Windows\System32\svchost.exe
    2536 C:\Windows\System32\taskeng.exe
    2596 C:\Windows\System32\svchost.exe
    2624 C:\Windows\System32\svchost.exe
    2644 C:\Windows\System32\SearchIndexer.exe
    2792 C:\Windows\System32\drivers\XAudio.exe
    2832 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    3420 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    3452 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    212 C:\Windows\System32\alg.exe
    3080 WmiPrvSE.exe
    4088 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3828 C:\Program Files\HP\QuickPlay\QPService.exe
    2136 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    1224 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    2236 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    2856 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    2904 C:\Program Files\FreePDF_XP\fpassist.exe
    3612 C:\Program Files\HP\HP UT\bin\hppusg.exe
    3640 C:\Windows\System32\rundll32.exe
    3720 C:\Windows\WindowsMobile\wmdSync.exe
    3200 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    2872 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2816 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3816 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
    1208 C:\Windows\ehome\ehtray.exe
    3544 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3472 C:\Windows\System32\rundll32.exe
    1468 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3848 C:\Windows\System32\wbem\unsecapp.exe
    3944 WmiPrvSE.exe
    3580 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4072 C:\Windows\System32\svchost.exe
    3592 C:\Windows\ehome\ehmsas.exe
    4356 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    1204 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    5344 C:\Windows\System32\conime.exe
    4692 C:\Users\xxx\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`561f5200  (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

and the second one:

GMER Logfile:
Code:

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-26 17:12:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: 7twej4gl.exe; Driver: C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys


---- System - GMER 1.0.15 ----

SSDT            8CDF53A3                                                                                            ZwLoadDriver
SSDT            8CDF53A8                                                                                            ZwSetSystemInformation
SSDT            8CDF5367                                                                                            ZwTerminateProcess
SSDT            8CDF5362                                                                                            ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 37D                                                                        826B9B00 4 Bytes  [A3, 53, DF, 8C]
.text          ntkrnlpa.exe!KeSetEvent + 5DD                                                                        826B9D60 4 Bytes  [A8, 53, DF, 8C]
.text          ntkrnlpa.exe!KeSetEvent + 621                                                                        826B9DA4 4 Bytes  [67, 53, DF, 8C]
.text          ntkrnlpa.exe!KeSetEvent + 681                                                                        826B9E04 4 Bytes  [62, 53, DF, 8C]
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                            section is writeable [0x8C00E340, 0x3481E7, 0xE8000020]
?              C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys                                                      Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [748A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [748FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [748ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [7489F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [748A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7489E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [748D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [748ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [7489FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7489FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [748971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [7492CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [748CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [7489D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [74896853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7489687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [748A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 26.05.2011 19:19

Code:

232 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Much better! :)

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion via ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


