Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   System langsam Viren gefunden (https://www.trojaner-board.de/99908-system-langsam-viren-gefunden.html)

Bio_Fox 03.06.2011 10:55
System langsam Viren gefunden
 
Hallo, Mein Laptop läuft ingesammt sehr Langsamm und deshalb habe ich nach Viren Gesucht mit Malwarebytes' Anti-Malware und welche Gefunden. Könnt ihr Bitte gucken ob es noch andere Viren oder Reste gibt und mir helfen ?


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6753

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

03.06.2011 05:38:37
mbam-log-2011-06-03 (05-38-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 402360
Laufzeit: 2 Stunde(n), 9 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 7
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MNTK1K67YO (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Users\Philipp\AppData\Roaming\winsavesrc.txt (Malware.Trace) -> Quarantined and deleted

cosinus 03.06.2011 21:12
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Bio_Fox 04.06.2011 11:36
Ich sage im voraus schon mal Danke
Ich habe jetzt genau das gemacht was du gesagt hast.
Hier ist der Inhalt der OTL.txt datei.OTL Logfile:
Code:
OTL logfile created on: 04.06.2011 12:18:42 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Philipp\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 64,42% Memory free
5,86 Gb Paging File | 4,53 Gb Available in Paging File | 77,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,21 Gb Total Space | 5,75 Gb Free Space | 4,13% Space Free | Partition Type: NTFS
Drive D: | 139,25 Gb Total Space | 56,95 Gb Free Space | 40,90% Space Free | Partition Type: NTFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.04 12:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
PRC - [2011.06.03 05:40:44 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe
PRC - [2011.04.27 15:14:15 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.17 07:57:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.28 17:13:56 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.29 00:14:23 | 000,040,960 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.17 14:49:38 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe
PRC - [2010.11.05 23:29:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.20 16:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.10.02 18:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.09.25 15:38:16 | 000,312,784 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2009.09.17 18:37:48 | 000,157,968 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.08.28 22:16:10 | 001,130,504 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GregHSRW.exe
PRC - [2009.08.12 01:29:42 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009.07.20 18:57:18 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.10 16:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.01 08:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint2K\Hidfind.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.09.12 12:52:18 | 000,172,032 | ---- | M] () -- C:\Programme\Razer\Lachesis\razerhid.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Lachesis\razerofa.exe
PRC - [2007.02.13 02:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.04 12:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.06.03 05:40:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.27 15:14:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.17 07:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.28 17:13:56 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.12.29 00:14:23 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.25 15:38:16 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.12 01:29:42 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 20:23:08 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.02.13 02:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.05.19 10:04:06 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.17 07:57:10 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.28 14:57:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.09.15 22:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.10 16:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009.07.02 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.06.10 20:23:08 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009.05.25 05:50:50 | 000,203,824 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.08 00:22:14 | 000,042,144 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2009.05.08 00:14:36 | 000,052,128 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2008.10.31 16:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2008.10.01 19:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Icy Tower Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/sk27211/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..extensions.enabledItems: {ff65fdbc-5683-4dfd-9113-1fcb5b0a3447}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/xmas/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/results.php?ch_id=xmas&tb_ver=1.1.7&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 21:52:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 21:52:03 | 000,000,000 | ---D | M]
 
[2010.07.29 19:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2011.05.23 09:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\mcdro6qt.default\extensions
[2011.05.08 15:29:44 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\mcdro6qt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.15 21:34:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\mcdro6qt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.12 10:48:32 | 000,000,000 | ---D | M] (Icy Tower Community Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\mcdro6qt.default\extensions\{ff65fdbc-5683-4dfd-9113-1fcb5b0a3447}
[2011.03.12 10:48:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\mcdro6qt.default\extensions\engine@conduit.com
[2011.03.15 21:34:18 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\mcdro6qt.default\extensions\firefox@ghostery.com
[2011.02.22 13:47:00 | 000,000,921 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\searchplugins\conduit.xml
[2010.12.27 02:26:06 | 000,001,097 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\searchplugins\icqplugin-1.xml
[2011.03.28 08:19:13 | 000,000,950 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\searchplugins\icqplugin-2.xml
[2011.02.22 19:55:04 | 000,001,034 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\searchplugins\icqplugin.xml
[2010.12.28 23:52:32 | 000,004,220 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\searchplugins\sweetim.xml
[2010.12.27 02:26:06 | 000,002,182 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\searchplugins\{33982381-2922-43EA-8644-32313B9C67F7}.xml
[2010.12.27 02:26:06 | 000,001,864 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\searchplugins\{46AD4562-C4B1-43E3-823B-9E9F33016966}.xml
[2010.12.27 02:26:06 | 000,002,071 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\searchplugins\{8478DAFA-8F83-49B2-8AAB-F0EA64F0C8E7}.xml
[2010.12.27 02:31:17 | 000,001,088 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\searchplugins\{A8D5AFAC-29FB-4145-8A29-27A83B18A42B}.xml
[2010.12.28 20:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.22 14:53:14 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.04 23:45:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.03 11:06:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 14:53:14 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.08.04 23:45:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.03 11:06:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.02 12:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\PHILIPP\PROGRAM FILES\DNA
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.05 20:56:00 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.12.27 02:26:06 | 000,001,678 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.27 02:26:06 | 000,002,647 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.27 02:26:06 | 000,007,045 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.27 02:26:06 | 000,001,272 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.27 02:26:06 | 000,001,164 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.17 23:37:12 | 000,001,508 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1      orbitservice.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1      orbitservice.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1      orbitservice.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lachesis] C:\Programme\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5be93c60-2f72-11e0-9ba8-00262d857b2d}\Shell - "" = AutoRun
O33 - MountPoints2\{5be93c60-2f72-11e0-9ba8-00262d857b2d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{65061129-d894-11df-b4e5-00262d857b2d}\Shell - "" = AutoRun
O33 - MountPoints2\{65061129-d894-11df-b4e5-00262d857b2d}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{72b65545-a532-11df-a0e8-00262d857b2d}\Shell - "" = AutoRun
O33 - MountPoints2\{72b65545-a532-11df-a0e8-00262d857b2d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c2d06c1f-815c-11e0-9959-00262d857b2d}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d06c1f-815c-11e0-9959-00262d857b2d}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\Philipp\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.04 12:07:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2011.06.02 13:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plasma Pong
[2011.06.02 13:08:07 | 000,000,000 | ---D | C] -- C:\Programme\Plasma Pong
[2011.06.02 13:07:50 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2011.06.02 13:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.02 13:07:43 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.02 13:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.02 13:07:38 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.02 13:07:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.01 17:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011.06.01 17:30:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2011.06.01 16:16:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011.06.01 16:15:37 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2011.06.01 16:15:37 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2011.06.01 16:15:36 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011.06.01 16:15:36 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011.06.01 16:15:36 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011.06.01 16:15:36 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011.06.01 16:15:33 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll
[2011.06.01 16:15:30 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll
[2011.06.01 16:15:30 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll
[2011.06.01 16:15:24 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2011.06.01 16:15:24 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2011.06.01 16:15:24 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2011.06.01 16:15:24 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2011.06.01 16:15:24 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2011.06.01 16:15:24 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2011.06.01 16:15:23 | 003,296,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2011.06.01 16:15:23 | 000,345,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2011.06.01 16:15:23 | 000,102,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2011.06.01 16:15:23 | 000,088,408 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2011.06.01 16:15:23 | 000,061,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2011.06.01 16:15:22 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2011.06.01 16:15:22 | 001,803,608 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2011.06.01 16:15:22 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2011.06.01 16:15:22 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2011.06.01 16:15:22 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2011.06.01 16:15:21 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2011.06.01 16:15:15 | 001,730,112 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2011.06.01 16:15:15 | 001,132,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2011.06.01 16:15:15 | 000,962,664 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2011.06.01 16:15:15 | 000,429,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2011.06.01 16:15:15 | 000,406,120 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2011.06.01 16:15:15 | 000,291,432 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2011.06.01 16:15:15 | 000,224,360 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2011.06.01 16:15:15 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2011.06.01 16:15:14 | 000,901,224 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2011.06.01 16:15:14 | 000,448,616 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2011.06.01 16:15:14 | 000,236,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2011.06.01 16:15:14 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2011.06.01 16:15:14 | 000,106,600 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2011.06.01 16:12:00 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2011.05.31 19:37:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\de_season
[2011.05.31 18:40:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\ts3overlay
[2011.05.31 18:39:50 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\TS3Client
[2011.05.31 18:39:41 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011.05.31 18:39:35 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\TeamSpeak 3 Client
[2011.05.29 22:46:35 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\ZPS12
[2011.05.29 22:46:06 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Zoner
[2011.05.29 22:46:06 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Zoner
[2011.05.29 22:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 12
[2011.05.29 22:45:42 | 000,000,000 | ---D | C] -- C:\Programme\Zoner
[2011.05.19 18:42:58 | 000,000,000 | ---D | C] -- C:\Programme\Diablo II
[2011.05.19 10:04:06 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.05.19 10:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.05.19 10:03:54 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2011.05.18 22:18:45 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Homebrew
[2011.05.18 22:10:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011.05.18 22:06:32 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2011.05.18 22:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.05.16 13:40:27 | 000,233,472 | ---- | C] (Alexander Maier) -- C:\Users\Philipp\Desktop\PingPong.exe
[2011.05.16 09:03:19 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Bilder zur präsentation
[2011.05.15 01:09:50 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\AIMP
[2011.05.15 01:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP2
[2011.05.15 01:09:40 | 000,000,000 | ---D | C] -- C:\Programme\AIMP2
[2011.05.13 11:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alex PingPong 1.1
[2011.05.13 11:55:19 | 000,000,000 | ---D | C] -- C:\Programme\Alex PingPong 1.1
[2011.05.12 21:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011.05.12 21:03:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.05.12 21:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.08 15:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.05.08 15:25:42 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.04 12:18:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.04 12:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2011.06.04 06:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.04 02:54:10 | 000,000,215 | ---- | M] () -- C:\Users\Philipp\Desktop\Call of Duty Black Ops - Multiplayer.url
[2011.06.04 01:30:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.03 21:00:22 | 000,017,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.03 21:00:22 | 000,017,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.03 06:47:00 | 000,003,584 | ---- | M] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.03 05:39:54 | 2360,045,568 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.02 13:08:10 | 000,001,887 | ---- | M] () -- C:\Users\Philipp\Desktop\Plasma Pong.lnk
[2011.06.02 13:07:44 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.01 17:35:48 | 000,000,680 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2011.05.31 18:39:41 | 000,001,223 | ---- | M] () -- C:\Users\Philipp\Desktop\TeamSpeak 3 Client.lnk
[2011.05.29 22:45:57 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Zoner Photo Studio 12.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.21 23:36:22 | 000,711,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.21 23:36:22 | 000,662,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.21 23:36:22 | 000,153,532 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.21 23:36:22 | 000,123,910 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.19 19:15:39 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2011.05.19 19:15:39 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2011.05.19 19:15:39 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2011.05.19 10:22:57 | 000,000,587 | ---- | M] () -- C:\Diablo 2 Expansion - Lord of Destruction - Verknüpfung.lnk
[2011.05.19 10:04:06 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.05.19 10:03:56 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.05.17 13:37:15 | 000,839,109 | ---- | M] () -- C:\Users\Philipp\Documents\gewonnen.png
[2011.05.16 10:49:51 | 000,010,402 | ---- | M] () -- C:\Users\Philipp\Documents\Merktext Philipp, Alex und Judith.odt
[2011.05.15 01:09:42 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2011.05.12 21:03:56 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.08 15:27:54 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
 
========== Files Created - No Company Name ==========
 
[2011.06.04 02:53:55 | 000,000,215 | ---- | C] () -- C:\Users\Philipp\Desktop\Call of Duty Black Ops - Multiplayer.url
[2011.06.03 06:47:00 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.02 13:08:10 | 000,001,887 | ---- | C] () -- C:\Users\Philipp\Desktop\Plasma Pong.lnk
[2011.06.02 13:07:44 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.01 17:34:58 | 000,000,680 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2011.05.31 18:39:41 | 000,001,223 | ---- | C] () -- C:\Users\Philipp\Desktop\TeamSpeak 3 Client.lnk
[2011.05.29 22:45:57 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Zoner Photo Studio 12.lnk
[2011.05.19 11:10:51 | 000,000,587 | ---- | C] () -- C:\Diablo 2 Expansion - Lord of Destruction - Verknüpfung.lnk
[2011.05.19 10:27:59 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.05.19 10:27:59 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.05.19 10:27:59 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.05.19 10:03:56 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.05.17 13:37:14 | 000,839,109 | ---- | C] () -- C:\Users\Philipp\Documents\gewonnen.png
[2011.05.16 10:49:49 | 000,010,402 | ---- | C] () -- C:\Users\Philipp\Documents\Merktext Philipp, Alex und Judith.odt
[2011.05.15 01:09:41 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2011.05.13 17:22:16 | 000,001,728 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2011.05.13 17:22:16 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011.05.08 15:27:54 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.04.19 11:06:55 | 000,028,160 | ---- | C] () -- C:\Windows\System32\NlsMexicons0045.dll
[2011.03.08 20:19:10 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.12.22 14:59:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.13 12:41:28 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.10.13 12:41:06 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.09.14 08:47:39 | 000,090,112 | ---- | C] () -- C:\Windows\System32\nccad432.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.15 12:34:27 | 000,000,130 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.29 19:55:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.10 14:25:31 | 000,711,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.03.10 14:25:31 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.03.10 14:25:31 | 000,153,532 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.03.10 14:25:31 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.03.10 14:13:40 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010.03.10 14:13:40 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010.03.10 14:13:16 | 000,001,794 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.03.10 05:57:34 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.03.10 05:37:10 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.03.10 05:37:10 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.03.10 05:37:10 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.03.10 05:37:10 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010.03.10 05:36:16 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010.03.10 05:36:16 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.03.10 05:36:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.03.10 05:36:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.03.10 05:36:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.03.10 05:36:16 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.10.30 04:51:39 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.10.30 03:15:34 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.10.30 03:15:34 | 000,000,166 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.10.30 03:15:34 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,460,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,662,716 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,123,910 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.02.18 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft
[2011.06.04 06:43:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\AIMP
[2010.10.10 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Black Sea Studios
[2011.05.18 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2011.06.02 13:03:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DNA
[2010.08.05 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Foxit
[2010.09.06 10:03:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Foxit Software
[2011.01.04 01:42:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0
[2011.06.04 02:38:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ
[2010.12.27 02:36:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ-Tools.de
[2010.09.14 08:47:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\kosy
[2010.10.13 12:42:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAGIX
[2010.12.27 02:26:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OCS
[2010.08.05 20:11:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2010.12.27 02:26:06 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Opera
[2010.10.10 09:23:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Red Alert 3
[2010.10.22 10:17:21 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sierra
[2011.04.14 14:52:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\The Games Company
[2011.06.01 13:59:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TS3Client
[2011.05.31 18:40:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ts3overlay
[2010.12.18 23:50:37 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TubeBox
[2011.02.17 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft
[2011.06.02 13:03:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\uTorrent
[2010.10.16 22:15:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\XSManager
[2011.05.29 22:46:30 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Zoner
[2011.02.02 23:54:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.18 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft
[2010.08.05 20:50:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Adobe
[2011.06.04 06:43:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\AIMP
[2010.07.28 15:50:07 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Avira
[2010.10.10 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Black Sea Studios
[2011.05.18 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2011.06.02 13:03:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DNA
[2011.01.18 11:04:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FastStone
[2010.08.05 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Foxit
[2010.09.06 10:03:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Foxit Software
[2010.07.28 13:12:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Google
[2011.01.04 01:42:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0
[2011.06.04 02:38:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ
[2010.12.27 02:36:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ-Tools.de
[2010.07.28 13:09:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Identities
[2010.12.17 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\InstallShield
[2010.09.14 08:47:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\kosy
[2010.07.28 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Macromedia
[2010.10.13 12:42:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAGIX
[2011.06.02 13:07:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2009.10.30 03:22:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Media Center Programs
[2011.05.08 18:05:41 | 000,000,000 | --SD | M] -- C:\Users\Philipp\AppData\Roaming\Microsoft
[2010.07.29 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mozilla
[2010.12.27 02:26:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OCS
[2010.08.05 20:11:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2010.12.27 02:26:06 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Opera
[2010.10.10 09:23:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Red Alert 3
[2010.10.10 09:14:18 | 000,000,000 | RH-D | M] -- C:\Users\Philipp\AppData\Roaming\SecuROM
[2010.10.22 10:17:21 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sierra
[2011.05.15 21:04:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Skype
[2011.05.15 20:02:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\skypePM
[2011.04.14 14:52:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\The Games Company
[2011.06.01 13:59:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TS3Client
[2011.05.31 18:40:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ts3overlay
[2010.12.18 23:50:37 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TubeBox
[2011.02.17 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft
[2011.06.02 13:03:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\uTorrent
[2011.01.30 20:10:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\vlc
[2010.07.28 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinRAR
[2010.10.16 22:15:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\XSManager
[2011.05.29 22:46:30 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Zoner
 
< %APPDATA%\*.exe /s >
[2011.02.21 18:17:45 | 000,034,494 | R--- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Installer\{62733593-6322-4C89-8B50-F714305A4DC6}\_6FEFF9B68218417F98F549.exe
[2011.03.07 22:28:24 | 000,010,134 | R--- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6514C169A30B32C1D9071C.exe
[2011.03.07 22:28:24 | 000,034,494 | R--- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.03.07 22:28:24 | 000,355,574 | R--- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_A284EAE41E055547217DE7.exe
[2011.03.07 22:28:24 | 000,080,992 | R--- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_BEA59818F40318269C802B.exe
[2011.03.07 22:28:24 | 000,355,574 | R--- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_E3DBAAA0CAF950FA4295EE.exe
[2010.12.29 00:14:23 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.12.29 00:14:23 | 000,040,960 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >
--- --- ---

cosinus 04.06.2011 12:22
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5be93c60-2f72-11e0-9ba8-00262d857b2d}\Shell - "" = AutoRun
O33 - MountPoints2\{5be93c60-2f72-11e0-9ba8-00262d857b2d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{65061129-d894-11df-b4e5-00262d857b2d}\Shell - "" = AutoRun
O33 - MountPoints2\{65061129-d894-11df-b4e5-00262d857b2d}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{72b65545-a532-11df-a0e8-00262d857b2d}\Shell - "" = AutoRun
O33 - MountPoints2\{72b65545-a532-11df-a0e8-00262d857b2d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c2d06c1f-815c-11e0-9959-00262d857b2d}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d06c1f-815c-11e0-9959-00262d857b2d}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Bio_Fox 04.06.2011 13:02
Das kam dabei raus


========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5be93c60-2f72-11e0-9ba8-00262d857b2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5be93c60-2f72-11e0-9ba8-00262d857b2d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5be93c60-2f72-11e0-9ba8-00262d857b2d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5be93c60-2f72-11e0-9ba8-00262d857b2d}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65061129-d894-11df-b4e5-00262d857b2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65061129-d894-11df-b4e5-00262d857b2d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65061129-d894-11df-b4e5-00262d857b2d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65061129-d894-11df-b4e5-00262d857b2d}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72b65545-a532-11df-a0e8-00262d857b2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72b65545-a532-11df-a0e8-00262d857b2d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72b65545-a532-11df-a0e8-00262d857b2d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72b65545-a532-11df-a0e8-00262d857b2d}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d06c1f-815c-11e0-9959-00262d857b2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d06c1f-815c-11e0-9959-00262d857b2d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d06c1f-815c-11e0-9959-00262d857b2d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d06c1f-815c-11e0-9959-00262d857b2d}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06042011_140201

cosinus 05.06.2011 11:44
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Bio_Fox 05.06.2011 13:15
Das stand im Log


2011/06/05 14:11:11.0517 2884 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 14:11:11.0725 2884 ================================================================================
2011/06/05 14:11:11.0725 2884 SystemInfo:
2011/06/05 14:11:11.0725 2884
2011/06/05 14:11:11.0725 2884 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/05 14:11:11.0725 2884 Product type: Workstation
2011/06/05 14:11:11.0726 2884 ComputerName: PHILIPP-PC
2011/06/05 14:11:11.0726 2884 UserName: Philipp
2011/06/05 14:11:11.0726 2884 Windows directory: C:\Windows
2011/06/05 14:11:11.0726 2884 System windows directory: C:\Windows
2011/06/05 14:11:11.0726 2884 Processor architecture: Intel x86
2011/06/05 14:11:11.0726 2884 Number of processors: 2
2011/06/05 14:11:11.0726 2884 Page size: 0x1000
2011/06/05 14:11:11.0726 2884 Boot type: Normal boot
2011/06/05 14:11:11.0726 2884 ================================================================================
2011/06/05 14:11:12.0498 2884 Initialize success
2011/06/05 14:11:27.0939 2556 ================================================================================
2011/06/05 14:11:27.0939 2556 Scan started
2011/06/05 14:11:27.0939 2556 Mode: Manual;
2011/06/05 14:11:27.0939 2556 ================================================================================
2011/06/05 14:11:29.0477 2556 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/05 14:11:29.0549 2556 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/05 14:11:29.0723 2556 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/05 14:11:29.0836 2556 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/05 14:11:29.0902 2556 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/05 14:11:30.0013 2556 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/05 14:11:30.0111 2556 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/06/05 14:11:30.0171 2556 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/05 14:11:30.0305 2556 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/05 14:11:30.0426 2556 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/05 14:11:30.0492 2556 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/06/05 14:11:30.0559 2556 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/05 14:11:30.0626 2556 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/05 14:11:30.0697 2556 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/05 14:11:30.0787 2556 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/06/05 14:11:30.0854 2556 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/05 14:11:30.0944 2556 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/06/05 14:11:31.0090 2556 ApfiltrService (f5621e9033cf5b3dae91691f74d2c41f) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/05 14:11:31.0166 2556 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/06/05 14:11:31.0302 2556 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/05 14:11:31.0348 2556 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/05 14:11:31.0396 2556 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/05 14:11:31.0504 2556 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/05 14:11:31.0590 2556 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
2011/06/05 14:11:31.0754 2556 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/06/05 14:11:31.0792 2556 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/06/05 14:11:31.0921 2556 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/05 14:11:31.0992 2556 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/05 14:11:32.0115 2556 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/05 14:11:32.0158 2556 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/05 14:11:32.0212 2556 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/05 14:11:32.0302 2556 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/05 14:11:32.0330 2556 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/05 14:11:32.0365 2556 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/05 14:11:32.0429 2556 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/05 14:11:32.0491 2556 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/05 14:11:32.0546 2556 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/05 14:11:32.0629 2556 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/05 14:11:32.0690 2556 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/05 14:11:32.0762 2556 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/05 14:11:32.0851 2556 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/06/05 14:11:32.0942 2556 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/05 14:11:33.0028 2556 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\Windows\system32\drivers\btusbflt.sys
2011/06/05 14:11:33.0116 2556 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\Windows\system32\drivers\btwaudio.sys
2011/06/05 14:11:33.0182 2556 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/06/05 14:11:33.0283 2556 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/06/05 14:11:33.0340 2556 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/06/05 14:11:33.0414 2556 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/05 14:11:33.0505 2556 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/05 14:11:33.0606 2556 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/05 14:11:33.0652 2556 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/05 14:11:33.0782 2556 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/05 14:11:33.0838 2556 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/05 14:11:33.0946 2556 cmnsusbser (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
2011/06/05 14:11:34.0015 2556 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/05 14:11:34.0099 2556 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/05 14:11:34.0148 2556 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/05 14:11:34.0188 2556 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/05 14:11:34.0280 2556 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/06/05 14:11:34.0371 2556 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/06/05 14:11:34.0448 2556 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/05 14:11:34.0517 2556 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/05 14:11:34.0607 2556 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/06/05 14:11:34.0676 2556 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/05 14:11:34.0739 2556 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/06/05 14:11:34.0847 2556 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/05 14:11:35.0125 2556 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/05 14:11:35.0390 2556 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/05 14:11:35.0432 2556 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/05 14:11:35.0578 2556 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/05 14:11:35.0611 2556 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/05 14:11:35.0713 2556 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/05 14:11:35.0751 2556 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/05 14:11:35.0783 2556 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/05 14:11:35.0809 2556 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/05 14:11:35.0903 2556 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/05 14:11:35.0952 2556 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/05 14:11:35.0976 2556 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/05 14:11:36.0068 2556 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/05 14:11:36.0131 2556 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/05 14:11:36.0266 2556 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/05 14:11:36.0320 2556 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/06/05 14:11:36.0359 2556 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/05 14:11:36.0452 2556 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/05 14:11:36.0481 2556 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/05 14:11:36.0509 2556 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/05 14:11:36.0627 2556 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/05 14:11:36.0692 2556 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/05 14:11:36.0828 2556 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/05 14:11:36.0935 2556 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/06/05 14:11:36.0993 2556 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/06/05 14:11:37.0022 2556 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/05 14:11:37.0157 2556 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/05 14:11:37.0244 2556 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/05 14:11:37.0356 2556 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/06/05 14:11:37.0743 2556 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/05 14:11:38.0094 2556 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/05 14:11:38.0141 2556 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
2011/06/05 14:11:38.0329 2556 IntcAzAudAddService (763fa415837a3768cf5e6c6fb8626602) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/05 14:11:38.0520 2556 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\Windows\system32\drivers\IntcHdmi.sys
2011/06/05 14:11:38.0553 2556 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/05 14:11:38.0597 2556 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/05 14:11:38.0710 2556 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/05 14:11:38.0762 2556 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/05 14:11:38.0857 2556 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/05 14:11:38.0897 2556 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/05 14:11:38.0924 2556 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/05 14:11:39.0020 2556 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/05 14:11:39.0129 2556 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/06/05 14:11:39.0244 2556 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/05 14:11:39.0305 2556 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/05 14:11:39.0336 2556 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/05 14:11:39.0424 2556 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/05 14:11:39.0498 2556 L1E (8c804b1ffad1efa952b747e8285c3b76) C:\Windows\system32\DRIVERS\L1E62x86.sys
2011/06/05 14:11:39.0628 2556 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/05 14:11:39.0691 2556 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/05 14:11:39.0798 2556 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/05 14:11:39.0850 2556 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/05 14:11:39.0951 2556 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/05 14:11:39.0993 2556 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/05 14:11:40.0137 2556 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/05 14:11:40.0178 2556 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/05 14:11:40.0266 2556 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/05 14:11:40.0309 2556 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/05 14:11:40.0347 2556 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/05 14:11:40.0450 2556 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/05 14:11:40.0496 2556 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/05 14:11:40.0614 2556 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/05 14:11:40.0653 2556 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/06/05 14:11:40.0688 2556 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/05 14:11:40.0788 2556 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/05 14:11:40.0836 2556 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/05 14:11:40.0949 2556 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/05 14:11:40.0997 2556 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/05 14:11:41.0037 2556 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/05 14:11:41.0122 2556 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/05 14:11:41.0163 2556 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/05 14:11:41.0282 2556 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/05 14:11:41.0360 2556 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/05 14:11:41.0383 2556 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/05 14:11:41.0479 2556 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/05 14:11:41.0526 2556 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/05 14:11:41.0554 2556 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/05 14:11:41.0641 2556 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/05 14:11:41.0684 2556 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/05 14:11:41.0794 2556 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/05 14:11:41.0829 2556 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/05 14:11:41.0858 2556 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/05 14:11:41.0978 2556 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/05 14:11:42.0045 2556 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/06/05 14:11:42.0161 2556 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/05 14:11:42.0211 2556 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/05 14:11:42.0315 2556 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/05 14:11:42.0350 2556 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/05 14:11:42.0379 2556 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/06/05 14:11:42.0479 2556 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/05 14:11:42.0518 2556 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/05 14:11:42.0803 2556 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
2011/06/05 14:11:43.0171 2556 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/06/05 14:11:43.0392 2556 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/05 14:11:43.0464 2556 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/05 14:11:43.0505 2556 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/05 14:11:43.0642 2556 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/06/05 14:11:43.0781 2556 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
2011/06/05 14:11:43.0831 2556 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/05 14:11:43.0883 2556 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/06/05 14:11:43.0997 2556 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/06/05 14:11:44.0048 2556 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/05 14:11:44.0157 2556 O2MDRDR (922046f114ac0c1b2484bcdd5ca43c07) C:\Windows\system32\DRIVERS\o2media.sys
2011/06/05 14:11:44.0219 2556 O2SDRDR (51c368f577513feb59ed70b45e930076) C:\Windows\system32\DRIVERS\o2sd.sys
2011/06/05 14:11:44.0330 2556 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/05 14:11:44.0395 2556 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/05 14:11:44.0500 2556 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/06/05 14:11:44.0528 2556 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/05 14:11:44.0560 2556 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/06/05 14:11:44.0590 2556 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/05 14:11:44.0682 2556 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/05 14:11:44.0711 2556 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/05 14:11:44.0749 2556 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/05 14:11:44.0932 2556 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/05 14:11:44.0961 2556 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/05 14:11:45.0078 2556 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/05 14:11:45.0158 2556 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/05 14:11:45.0283 2556 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/05 14:11:45.0339 2556 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/05 14:11:45.0366 2556 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/05 14:11:45.0452 2556 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/05 14:11:45.0506 2556 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/05 14:11:45.0614 2556 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/05 14:11:45.0658 2556 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/05 14:11:45.0755 2556 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/05 14:11:45.0792 2556 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/05 14:11:45.0822 2556 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/05 14:11:45.0918 2556 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/06/05 14:11:45.0971 2556 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/05 14:11:46.0067 2556 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/05 14:11:46.0104 2556 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/05 14:11:46.0237 2556 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/05 14:11:46.0277 2556 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/06/05 14:11:46.0401 2556 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/05 14:11:46.0481 2556 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/05 14:11:46.0559 2556 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/05 14:11:46.0644 2556 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/05 14:11:46.0733 2556 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/05 14:11:46.0812 2556 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/05 14:11:46.0950 2556 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/05 14:11:47.0010 2556 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/05 14:11:47.0087 2556 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/05 14:11:47.0146 2556 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/05 14:11:47.0203 2556 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/05 14:11:47.0280 2556 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/05 14:11:47.0349 2556 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/05 14:11:47.0380 2556 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/05 14:11:47.0470 2556 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/05 14:11:47.0539 2556 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/05 14:11:47.0607 2556 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/05 14:11:47.0679 2556 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/05 14:11:47.0760 2556 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/05 14:11:47.0875 2556 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/06/05 14:11:47.0931 2556 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/05 14:11:48.0032 2556 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/05 14:11:48.0116 2556 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/05 14:11:48.0264 2556 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/06/05 14:11:48.0380 2556 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/05 14:11:48.0453 2556 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/06/05 14:11:48.0575 2556 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/05 14:11:48.0619 2556 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/05 14:11:48.0696 2556 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/05 14:11:48.0747 2556 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/05 14:11:48.0866 2556 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/06/05 14:11:49.0010 2556 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/05 14:11:49.0111 2556 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/05 14:11:49.0143 2556 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/05 14:11:49.0171 2556 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/05 14:11:49.0204 2556 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/05 14:11:49.0294 2556 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/05 14:11:49.0373 2556 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/05 14:11:49.0478 2556 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/05 14:11:49.0511 2556 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/05 14:11:49.0558 2556 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
2011/06/05 14:11:49.0644 2556 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/05 14:11:49.0694 2556 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/05 14:11:49.0739 2556 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/05 14:11:49.0825 2556 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/05 14:11:49.0893 2556 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/05 14:11:49.0928 2556 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/05 14:11:49.0985 2556 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/05 14:11:50.0107 2556 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/05 14:11:50.0144 2556 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
2011/06/05 14:11:50.0180 2556 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/05 14:11:50.0277 2556 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/05 14:11:50.0330 2556 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/05 14:11:50.0434 2556 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/05 14:11:50.0490 2556 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/05 14:11:50.0529 2556 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/05 14:11:50.0615 2556 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/05 14:11:50.0649 2556 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/05 14:11:50.0694 2556 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/05 14:11:50.0785 2556 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/05 14:11:50.0817 2556 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/05 14:11:50.0869 2556 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/05 14:11:50.0972 2556 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/05 14:11:51.0003 2556 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/05 14:11:51.0038 2556 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/05 14:11:51.0130 2556 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/05 14:11:51.0182 2556 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/05 14:11:51.0217 2556 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/05 14:11:51.0304 2556 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/05 14:11:51.0371 2556 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/05 14:11:51.0413 2556 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/05 14:11:51.0513 2556 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 14:11:51.0530 2556 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 14:11:51.0583 2556 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/05 14:11:51.0626 2556 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/05 14:11:51.0767 2556 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/05 14:11:51.0798 2556 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/05 14:11:51.0866 2556 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/05 14:11:52.0027 2556 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/05 14:11:52.0092 2556 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/05 14:11:52.0231 2556 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/05 14:11:52.0283 2556 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/05 14:11:52.0388 2556 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/06/05 14:11:52.0463 2556 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
2011/06/05 14:11:52.0531 2556 ================================================================================
2011/06/05 14:11:52.0531 2556 Scan finished
2011/06/05 14:11:52.0531 2556 ================================================================================
2011/06/05 14:11:52.0548 4128 Detected object count: 0
2011/06/05 14:11:52.0548 4128 Actual detected object count: 0

cosinus 05.06.2011 14:11
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Bio_Fox 05.06.2011 14:51
Ich hab es so gemacht wie beschrieben das ist das Ergebnis.


Combofix Logfile:
Code:
ComboFix 11-06-05.01 - Philipp 05.06.2011  15:31:31.1.2 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.3001.2053 [GMT 2:00]
ausgeführt von:: c:\users\Philipp\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-05 bis 2011-06-05  ))))))))))))))))))))))))))))))
.
.
2011-06-05 13:37 . 2011-06-05 13:37        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-06-04 12:02 . 2011-06-04 12:02        --------        d-----w-        C:\_OTL
2011-06-03 13:51 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C75C5B2A-EB5C-438E-98B8-4BCDE5663EEA}\mpengine.dll
2011-06-02 11:08 . 2011-06-02 11:08        --------        d-----w-        c:\program files\Plasma Pong
2011-06-02 11:07 . 2011-06-02 11:07        --------        d-----w-        c:\users\Philipp\AppData\Roaming\Malwarebytes
2011-06-02 11:07 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-02 11:07 . 2011-06-02 11:07        --------        d-----w-        c:\programdata\Malwarebytes
2011-06-02 11:07 . 2011-06-02 11:07        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-06-02 11:07 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-06-01 15:30 . 2011-06-01 15:32        --------        d-----w-        c:\program files\Common Files\Blizzard Entertainment
2011-06-01 14:16 . 2011-06-01 14:16        --------        d-----w-        c:\windows\system32\RTCOM
2011-06-01 14:14 . 2005-11-13 21:19        5632        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-06-01 14:12 . 2011-06-01 14:12        --------        d-----w-        c:\program files\Realtek
2011-05-31 16:40 . 2011-05-31 16:40        --------        d-----w-        c:\users\Philipp\AppData\Roaming\ts3overlay
2011-05-31 16:39 . 2011-06-01 11:59        --------        d-----w-        c:\users\Philipp\AppData\Roaming\TS3Client
2011-05-31 16:39 . 2011-05-31 16:39        --------        d-----w-        c:\users\Philipp\AppData\Local\TeamSpeak 3 Client
2011-05-29 20:46 . 2011-05-29 20:46        --------        d-----w-        c:\users\Philipp\AppData\Roaming\Zoner
2011-05-29 20:46 . 2011-05-29 20:46        --------        d-----w-        c:\users\Philipp\AppData\Local\Zoner
2011-05-29 20:45 . 2011-05-29 20:45        --------        d-----w-        c:\program files\Zoner
2011-05-25 04:59 . 2011-04-22 19:36        26496        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-05-19 16:42 . 2011-06-01 15:30        --------        d-----w-        c:\program files\Diablo II
2011-05-19 08:27 . 2011-05-19 17:15        21840        ----atw-        c:\windows\system32\SIntfNT.dll
2011-05-19 08:27 . 2011-05-19 17:15        17212        ----atw-        c:\windows\system32\SIntf32.dll
2011-05-19 08:27 . 2011-05-19 17:15        12067        ----atw-        c:\windows\system32\SIntf16.dll
2011-05-19 08:04 . 2011-05-19 08:04        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-19 08:03 . 2011-05-19 08:04        --------        d-----w-        c:\program files\DAEMON Tools Lite
2011-05-18 20:06 . 2011-05-18 20:10        --------        d-----w-        c:\users\Philipp\AppData\Roaming\DAEMON Tools Lite
2011-05-18 20:06 . 2011-05-18 20:06        --------        d-----w-        c:\programdata\DAEMON Tools Lite
2011-05-14 23:09 . 2011-06-04 11:59        --------        d-----w-        c:\users\Philipp\AppData\Roaming\AIMP
2011-05-14 23:09 . 2011-05-14 23:09        --------        d-----w-        c:\program files\AIMP2
2011-05-13 09:55 . 2011-05-13 09:55        --------        d-----w-        c:\program files\Alex PingPong 1.1
2011-05-12 19:05 . 2011-05-12 19:05        --------        d-----w-        c:\programdata\Skype Extras
2011-05-12 19:03 . 2011-05-12 19:03        --------        d-----w-        c:\program files\Common Files\Skype
2011-05-12 11:15 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\system32\poqexec.exe
2011-05-10 22:58 . 2011-03-25 03:06        284160        ----a-w-        c:\windows\system32\drivers\usbport.sys
2011-05-10 22:58 . 2011-03-25 03:06        43008        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2011-05-10 22:58 . 2011-03-25 03:06        258560        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2011-05-10 22:58 . 2011-03-25 03:06        75776        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2011-05-10 22:58 . 2011-03-25 03:06        20480        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2011-05-10 22:58 . 2011-03-25 03:06        24064        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2011-05-10 22:58 . 2011-03-25 03:06        5888        ----a-w-        c:\windows\system32\drivers\usbd.sys
2011-05-10 22:58 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-05-10 22:58 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-08 13:25 . 2011-05-08 13:30        --------        d-----w-        c:\program files\ICQ7.5
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-19 09:06 . 2011-04-19 09:06        28160        ----a-w-        c:\windows\system32\NlsMexicons0045.dll
2011-04-12 19:47 . 2011-04-12 19:47        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2011-04-12 19:47 . 2011-04-12 19:47        161792        ----a-w-        c:\windows\system32\msls31.dll
2011-04-12 19:47 . 2011-04-12 19:47        1126912        ----a-w-        c:\windows\system32\wininet.dll
2011-04-12 19:47 . 2011-04-12 19:47        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2011-04-12 19:47 . 2011-04-12 19:47        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2011-04-12 19:47 . 2011-04-12 19:47        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2011-04-12 19:47 . 2011-04-12 19:47        74752        ----a-w-        c:\windows\system32\iesetup.dll
2011-04-12 19:47 . 2011-04-12 19:47        63488        ----a-w-        c:\windows\system32\tdc.ocx
2011-04-12 19:47 . 2011-04-12 19:47        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2011-04-12 19:47 . 2011-04-12 19:47        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-04-12 19:47 . 2011-04-12 19:47        367104        ----a-w-        c:\windows\system32\html.iec
2011-04-12 19:47 . 2011-04-12 19:47        35840        ----a-w-        c:\windows\system32\imgutil.dll
2011-04-12 19:47 . 2011-04-12 19:47        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-04-12 19:47 . 2011-04-12 19:47        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2011-04-12 19:47 . 2011-04-12 19:47        1797632        ----a-w-        c:\windows\system32\jscript9.dll
2011-04-12 19:47 . 2011-04-12 19:47        152064        ----a-w-        c:\windows\system32\wextract.exe
2011-04-12 19:47 . 2011-04-12 19:47        150528        ----a-w-        c:\windows\system32\iexpress.exe
2011-04-12 19:47 . 2011-04-12 19:47        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-04-12 19:47 . 2011-04-12 19:47        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-04-12 19:47 . 2011-04-12 19:47        11776        ----a-w-        c:\windows\system32\mshta.exe
2011-04-12 19:47 . 2011-04-12 19:47        101888        ----a-w-        c:\windows\system32\admparse.dll
2011-03-17 05:57 . 2010-07-28 11:34        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-12 11:31 . 2011-04-27 19:57        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-11 05:44 . 2011-04-27 19:57        146304        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-03-11 05:44 . 2011-04-27 19:57        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44 . 2011-04-27 19:57        1210240        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44 . 2011-04-27 19:57        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43 . 2011-04-27 19:57        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43 . 2011-04-27 19:57        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43 . 2011-04-27 19:57        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40 . 2011-04-16 08:46        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-16 08:46        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-11 05:39 . 2011-04-27 19:57        1686016        ----a-w-        c:\windows\system32\esent.dll
2011-03-11 05:37 . 2011-04-27 19:57        74240        ----a-w-        c:\windows\system32\fsutil.exe
2011-03-08 05:38 . 2011-04-16 08:49        740864        ----a-w-        c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17        1487240        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"starter4g"="c:\windows\starter4g.exe" [2009-09-17 157968]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Ocs_SM"="c:\users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-12-28 106496]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-20 421888]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 217088]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-03 10082920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-3-10 708608]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08        935288        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 11:08        35696        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-08-15 10:32        323392        ----a-w-        c:\users\Philipp\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2011-02-23 21:23        2251064        ----a-w-        c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20        1305408        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-05-08 13:26        124216        ----a-w-        c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-30 00:45        39408        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-02-12 07:49        396152        ----a-w-        c:\program files\uTorrent\uTorrent.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-02 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2008-10-31 103424]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-19 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-12-28 40960]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2009-09-25 312784]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2009-09-17 125200]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService        REG_MULTI_SZ          HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:41]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/sk27211/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5730&r=270507108806l0498z205x5561h22s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C4DB91F9-C3DA-4E22-880F-94606BBE832F}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\mcdro6qt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/sk27211/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Icy Tower Community Toolbar: {ff65fdbc-5683-4dfd-9113-1fcb5b0a3447} - %profile%\extensions\{ff65fdbc-5683-4dfd-9113-1fcb5b0a3447}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3290473666-1717558581-2562722093-1004\Software\SecuROM\License information*]
"datasecu"=hex:9d,46,33,4d,80,84,a2,45,e9,3e,f4,1a,ba,ac,b9,a4,b6,c7,e9,82,ab,
  57,4a,ed,64,e5,b0,b0,41,78,2f,b4,55,05,5a,a4,9f,45,88,ea,41,58,86,1d,6b,8d,\
"rkeysecu"=hex:dc,69,69,65,a9,a5,0a,c1,1b,fa,45,9e,19,85,55,9c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1888)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\windows\System32\SysHook.dll
.
Zeit der Fertigstellung: 2011-06-05  15:39:55
ComboFix-quarantined-files.txt  2011-06-05 13:39
.
Vor Suchlauf: 5.239.812.096 Bytes frei
Nach Suchlauf: 4.784.463.872 Bytes frei
.
- - End Of File - - 3B3CA8177F7ACF8EAE8112A640F55374
--- --- ---

cosinus 05.06.2011 14:58
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Bio_Fox 05.06.2011 18:59
Das kam bei OSAM raus:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 19:53:24 on 05.06.2011

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"agdiyfod" (agdiyfod) - ? - C:\Users\Philipp\AppData\Local\Temp\agdiyfod.sys  (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Philipp\AppData\Local\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"ISO DVD/CD-ROM Device Driver" (ISODrive) - "EZB Systems, Inc." - C:\Program Files\UltraISO\drivers\ISODrive.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1F77B17B-F531-44DB-ACA4-76ABB5010A28} "AIMP2: ShellExt" - "AIMP DevTeam" - C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -  (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -  (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -  (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -  (File not found | COM-object registry key not found)
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Program Files\UltraISO\isoshell.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Foxit PDF Creator Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Foxit PDF Creator Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Foxit PDF Creator Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Steam" - "Valve Corporation" - "C:\Program Files\Steam\Steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"Lachesis" - ? - C:\Program Files\Razer\Lachesis\razerhid.exe
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Ocs_SM" - "OCS" - C:\Users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"starter4g" - "4G Systems GmbH & Co. KG" - C:\Windows\starter4g.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GRegService" (Greg_Service) - "Acer Incorporated" - C:\Program Files\Acer\Registration\GregHSRW.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Updater Service" (Updater Service) - "Acer" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"WTGService" (WTGService) - ? - C:\Program Files\XSManager\WTGService.exe  (File found, but it contains no detailed information)
"XS Stick Service" (XS Stick Service) - "4G Systems GmbH & Co. KG" - C:\Windows\service4g.exe

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index





und das kam bei MBRCheck raus:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: TravelMate 5730
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 208):
0x83209000 \SystemRoot\system32\ntkrnlpa.exe
0x83619000 \SystemRoot\system32\halmacpi.dll
0x80BA3000 \SystemRoot\system32\kdcom.dll
0x8B02C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8B0A4000 \SystemRoot\system32\PSHED.dll
0x8B0B5000 \SystemRoot\system32\BOOTVID.dll
0x8B0BD000 \SystemRoot\system32\CLFS.SYS
0x8B0FF000 \SystemRoot\system32\CI.dll
0x8B223000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B294000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B2A2000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B2EA000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B2F3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B2FB000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B325000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B330000 \SystemRoot\System32\drivers\partmgr.sys
0x8B341000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B349000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B354000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B364000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B3AF000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B426000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B500000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B509000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B52C000 \SystemRoot\system32\drivers\amdxata.sys
0x8B535000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B569000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B60B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B73A000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B765000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B778000 \SystemRoot\System32\Drivers\cng.sys
0x8B7D5000 \SystemRoot\System32\drivers\pcw.sys
0x8B7E3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B81B000 \SystemRoot\system32\drivers\ndis.sys
0x8B8D2000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B910000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B935000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B93E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B97D000 \SystemRoot\System32\Drivers\spldr.sys
0x8B985000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B9B2000 \SystemRoot\System32\Drivers\mup.sys
0x8B9C2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B9CA000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B800000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B57A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8F908000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F927000 \SystemRoot\System32\Drivers\Null.SYS
0x8F92E000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F935000 \SystemRoot\System32\drivers\vga.sys
0x8F941000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F962000 \SystemRoot\System32\drivers\watchdog.sys
0x8F96F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F977000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F97F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8F987000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F992000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90E27000 \SystemRoot\System32\drivers\tcpip.sys
0x90F70000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90FA1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90FB8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90FC3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F9A0000 \SystemRoot\system32\drivers\afd.sys
0x90FF5000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90E00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F800000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8B59F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B5AD000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x8B5E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B400000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90E1F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8B1AA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F811000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B811000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B3C5000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0x8B410000 \SystemRoot\System32\drivers\discache.sys
0x93A1F000 \SystemRoot\system32\drivers\csc.sys
0x93A83000 \SystemRoot\System32\Drivers\dfsc.sys
0x93A9B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x93AA9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x93ACF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x94203000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x94B20000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x93AF0000 \SystemRoot\System32\drivers\dxgmms1.sys
0x94BD7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x93B29000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x94BE2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x93B74000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x93B93000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x95E1C000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x95E00000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x95A33000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x95A61000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x95A6A000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x95A90000 \SystemRoot\system32\DRIVERS\o2media.sys
0x95A9C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x95AA0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x95AB8000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x95AC2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x95ACF000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x95B05000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x95B12000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x95B1A000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x95B22000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x95B2B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x95B3D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x95B4A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x95B5C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x95B74000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x95B7F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x95BA1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x95BB9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x95BD0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x95BE7000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x95BF1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x98236000 \SystemRoot\system32\DRIVERS\ks.sys
0x9826A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x98278000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x982BC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9A234000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9A586000 \SystemRoot\system32\drivers\portcls.sys
0x9A5B5000 \SystemRoot\system32\drivers\drmk.sys
0x982CD000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x9901F000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x99121000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x991D6000 \SystemRoot\system32\drivers\modem.sys
0x9A5CE000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x82060000 \SystemRoot\System32\win32k.sys
0x991E3000 \SystemRoot\System32\drivers\Dxapi.sys
0x99000000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x99017000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9A200000 \SystemRoot\System32\Drivers\usbvideo.sys
0x991ED000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9830A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x983E4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9A224000 \SystemRoot\system32\DRIVERS\monitor.sys
0x822C0000 \SystemRoot\System32\TSDDD.dll
0x822F0000 \SystemRoot\System32\cdd.dll
0x9A5F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x98200000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x98213000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9821A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x98225000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x95A00000 \SystemRoot\system32\drivers\luafv.sys
0x95A1B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x93BD4000 \SystemRoot\system32\drivers\WudfPf.sys
0x95E0A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F81B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x93BEE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x93A00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8F861000 \SystemRoot\system32\drivers\HTTP.sys
0x8F8E6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B7EC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8B3DC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B83A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B875000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B8B1000 \??\C:\Windows\system32\drivers\int15.sys
0x9B8B9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9B8BD000 \SystemRoot\system32\drivers\peauth.sys
0x9B954000 \SystemRoot\system32\drivers\regi.sys
0x9B956000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B960000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B981000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B98E000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0x9B996000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB461C000 \SystemRoot\System32\DRIVERS\srv.sys
0xB466E000 \SystemRoot\System32\drivers\ipnat.sys
0xB46FE000 \??\C:\Users\Philipp\AppData\Local\Temp\catchme.sys
0xB4706000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xB470F000 \??\C:\Users\Philipp\AppData\Local\Temp\agdiyfod.sys
0x77750000 \Windows\System32\ntdll.dll
0x483C0000 \Windows\System32\smss.exe
0x77990000 \Windows\System32\apisetschema.dll
0x00950000 \Windows\System32\autochk.exe
0x76B00000 \Windows\System32\shell32.dll
0x77920000 \Windows\System32\difxapi.dll
0x76A60000 \Windows\System32\advapi32.dll
0x768A0000 \Windows\System32\iertutil.dll
0x76800000 \Windows\System32\usp10.dll
0x778D0000 \Windows\System32\Wldap32.dll
0x766E0000 \Windows\System32\wininet.dll
0x76630000 \Windows\System32\msvcrt.dll
0x778C0000 \Windows\System32\lpk.dll
0x76560000 \Windows\System32\msctf.dll
0x76400000 \Windows\System32\ole32.dll
0x76380000 \Windows\System32\comdlg32.dll
0x778B0000 \Windows\System32\psapi.dll
0x76340000 \Windows\System32\ws2_32.dll
0x76230000 \Windows\System32\urlmon.dll
0x76200000 \Windows\System32\imagehlp.dll
0x761B0000 \Windows\System32\gdi32.dll
0x760D0000 \Windows\System32\kernel32.dll
0x76040000 \Windows\System32\oleaut32.dll
0x75EA0000 \Windows\System32\setupapi.dll
0x75DD0000 \Windows\System32\user32.dll
0x75D70000 \Windows\System32\shlwapi.dll
0x77890000 \Windows\System32\sechost.dll
0x75D60000 \Windows\System32\nsi.dll
0x75D40000 \Windows\System32\imm32.dll
0x75CB0000 \Windows\System32\clbcatq.dll
0x75C00000 \Windows\System32\rpcrt4.dll
0x75BF0000 \Windows\System32\normaliz.dll
0x75BC0000 \Windows\System32\wintrust.dll
0x75B30000 \Windows\System32\comctl32.dll
0x75B10000 \Windows\System32\devobj.dll
0x759F0000 \Windows\System32\crypt32.dll
0x759C0000 \Windows\System32\cfgmgr32.dll
0x75970000 \Windows\System32\KernelBase.dll
0x75960000 \Windows\System32\msasn1.dll

Processes (total 90):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
452 csrss.exe
496 C:\Windows\System32\wininit.exe
504 csrss.exe
552 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
716 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\spoolsv.exe
1504 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1524 C:\Windows\System32\svchost.exe
1648 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1676 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1700 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1752 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
1824 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1832 C:\Windows\System32\conhost.exe
1904 C:\Windows\System32\svchost.exe
1956 C:\Program Files\Acer\Registration\GregHSRW.exe
2004 C:\Windows\System32\svchost.exe
2032 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
488 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
1388 C:\Windows\System32\dwm.exe
1380 C:\Windows\System32\taskhost.exe
2148 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
2172 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2196 C:\Users\Philipp\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2376 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2384 C:\Windows\System32\igfxtray.exe
2408 C:\Windows\starter4g.exe
2452 C:\Windows\System32\igfxpers.exe
2576 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2600 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2648 C:\Windows\System32\svchost.exe
2712 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2864 C:\Program Files\XSManager\WTGService.exe
2884 C:\Windows\service4g.exe
2928 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3204 WmiPrvSE.exe
3488 C:\Program Files\Steam\Steam.exe
3520 C:\Windows\System32\alg.exe
3596 C:\Windows\System32\SearchIndexer.exe
3948 C:\Program Files\Launch Manager\LManager.exe
3956 C:\Program Files\Razer\Lachesis\razerhid.exe
3972 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3996 C:\Windows\System32\hkcmd.exe
4012 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
4072 C:\Program Files\Razer\Lachesis\razerofa.exe
4080 C:\Program Files\Apoint2K\Apoint.exe
2276 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2844 C:\Program Files\Windows Media Player\wmpnetwk.exe
3428 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3884 C:\Program Files\Apoint2K\ApMsgFwd.exe
3872 C:\Program Files\Apoint2K\Hidfind.exe
4328 C:\Windows\System32\wbem\unsecapp.exe
4556 C:\Windows\System32\svchost.exe
5132 C:\Program Files\Common Files\Steam\SteamService.exe
4600 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
4764 C:\Windows\System32\svchost.exe
5764 C:\Windows\System32\svchost.exe
1888 C:\Windows\explorer.exe
5472 C:\Windows\System32\StikyNot.exe
1516 C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
1088 C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
3500 C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
4416 C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
3780 C:\Program Files\AIMP2\AIMP2.exe
3480 C:\Windows\System32\audiodg.exe
4568 C:\Windows\System32\svchost.exe
3984 C:\Windows\System32\taskeng.exe
4448 C:\Windows\System32\svchost.exe
3816 C:\Users\Philipp\Desktop\osam.exe
3140 C:\Windows\System32\wbengine.exe
1024 C:\Windows\System32\vds.exe
2536 MpCmdRun.exe
5020 C:\Windows\System32\SearchProtocolHost.exe
3724 C:\Windows\System32\SearchFilterHost.exe
4596 C:\Windows\System32\notepad.exe
4092 dllhost.exe
3284 dllhost.exe
5956 C:\Users\Philipp\Downloads\MBRCheck.exe
2704 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e8500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`b6000000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus 05.06.2011 19:34
GMER lief nicht?

Bio_Fox 05.06.2011 20:33
Ne ich hab es 4 mal versucht aber hat nicht geklappt.

cosinus 05.06.2011 20:39
Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Win7 (32-Bit) installiert?
Wenn nicht: Schau mal hier => RescueDisc-Win7-32-Bit

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten)

Falls Du eine normale Win7-Installations-DVD (32-Bit) hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der dieser DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.

Bio_Fox 06.06.2011 09:01
okay mach ich aber dafür brauch ich bisschen mehr zeit. Hab nämlich immoment viel zu tun.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131