Wie Rootkit.Bubnix entfernen?

#1 Sehr geehrtes Protecus-Team,
ich habe seit gestern einen Trojaner/ein Virus auf meinem Computer. Ein Scan mit Malwarebytes fand 5 infizierte Dateien. 4 ließen sich löschen, die folgende jedoch nicht:
C:\Windows\system32\Drivers\viibkh.sys (Rootkit.Bubnix)
Ich habe mehrfach versucht sie zu löschen, jedoch war sie nach jedem Neustart noch vorhanden.

Auch Antivir zeigte eine Malware-Warnung an. Das unerwünschte Programm 'TR/Crypt.ZPACK.Gen' [trojan] wurde in den folgenden 4 Dateien gefunden:
'C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\geky.exe'
'C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boifza.exe'
'C:\Windows\Temp\crypt_dll-out.exe'
'C:\Users\Chris\AppData\Local\Temp\~TM7201.tmp'

Im Folgenden seht ihr mein Reinigungslog von Malwarebytes, Logfile von Hijackthis und die Uninstall-Liste.
Einen kompletten Gmer-Report kann ich nicht senden, da bereits kurz nach Programmstart die Warnung: "GMER has found sytem modification, which might have been caused by ROOTKIT activity".
Und auf der Liste wird in rot angezeigt: Type: Service, Name: hidden, Value: [BOOT]viibkh
Obwohl ich die Nachfrage nach einem kompletten Scan verneint habe, stürzte mein Computer wenig später ab (ich habe es 3 mal versucht).

Vielen Dank im Voraus!

1.) Reinigungslog von Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4337

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

22.07.2010 11:30:20
mbam-log-2010-07-22 (11-30-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148714
Laufzeit: 8 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\viibkh.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.

2.) Hijackthis Logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:21:55, on 22.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\vspc1030.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\phonostar\ps_agent.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Philips\CamSuite\1.0.9.0\ACPGUI.dll
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HJT\Trend Micro\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [spc1030] C:\Windows\vspc1030.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [{5A4FE5E7-FE5D-82F5-6604-0642BDA6770E}] C:\Users\Chris\AppData\Roaming\Quzi\gydy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [{E0836430-0484-0A20-9B83-85BD3841E2E9}] C:\Users\Chris\AppData\Roaming\Omdeid\obnoo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9550169B-D9FC-4AD4-8DBD-2494B2E6DB42}: NameServer = 62.220.18.38 89.246.64.38
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ACPService - Unknown owner - C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Access Auto Connection Manager RasAutoMSDTC (RasAutoMSDTC) - Unknown owner - C:\Windows\system32\aecachef.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9601 bytes

3.) Uninstall-Liste:

Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2 - Deutsch
Adobe® Photoshop® Album Starter Edition 3.2
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
Avidemux 2.4
Avira AntiVir Personal - Free Antivirus
B/Works for Digital Cameras
Bonjour
DivX Converter
DivX Plus DirectShow Filters
DivX-Setup
DVD Shrink 3.2 deutsch (DeCSS-frei)
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.1.0 Be
FoxyTunes for Firefox
Free FLV Converter V 6.8.0
GIMP 2.4.6
Google Earth
Google Update Helper
Google Updater
Hamachi 1.0.3.0
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Solution Center 8.0
HP Update
HPSSupply
iTunes
Java(TM) 6 Update 20
Last.fm 1.5.4.24567
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA Drivers
Philips CamSuite
Philips Intelligent Agent
Philips SPC1030NC Webcam
phonostar-Player Version 2.01.2
PhotoFiltre
QuickTime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.0
Skype™ 4.0
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Steam
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Videoload Manager 2.0.2200
Vista Codec Package
Visual C++ 9.0 CRT (x86) WinSXS MSM
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live-Uploadtool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile-Gerätecenter: Treiberupdate
Windows-Treiberpaket - Philips (SPC1030) Image (06/11/2008 5.8.8.042)
Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA (06/02/2008 1.0.5.12)
WinRAR
XMedia Recode 2.1.3.7

#2 Hi,

alle Tools bitte mit Rechtsklick "Als Administrator" starten.

1. Hol Dir bitte RootRepeal
http://sites.google.com/site/rootrepeal/
Starte RootRepeal.
Beende alle anderen Programme, schalte AV-Wächter ab.
Gehe auf Report.
Klicke auf Scan.
Setze alle Häkchen.
Bestätige mit OK.
Poste bitte das Log.

#3 Hier ist das RootRepeal Log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/22 14:25
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x82B32000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8201A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8E2E9000 Size: 294912 File Visible: - Signed: -
Status: -

Name: AnyDVD.sys
Image Path: C:\Windows\System32\Drivers\AnyDVD.sys
Address: 0x82BB6000 Size: 92544 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x88109000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x88111000 Size: 122880 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\Windows\System32\ATMFD.DLL
Address: 0x96690000 Size: 311296 File Visible: - Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\Windows\system32\DRIVERS\avgntflt.sys
Address: 0x9575A000 Size: 86016 File Visible: - Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\Windows\system32\DRIVERS\avipbb.sys
Address: 0x8DEA2000 Size: 139264 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8E259000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x82889000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x9F48B000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x96680000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x9F6DF000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x82BCD000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x828D2000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x886C9000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x82891000 Size: 266240 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8E3EB000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x886EA000 Size: 36864 File Visible: - Signed: -
Status: -

Name: csc.sys
Image Path: C:\Windows\system32\drivers\csc.sys
Address: 0x8DE30000 Size: 372736 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8DE8B000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x886B8000 Size: 69632 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8E224000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8E3F8000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8DEC4000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x8DECF000 Size: 69632 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8DF0C000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8DB22000 Size: 659456 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8866D000 Size: 159744 File Visible: - Signed: -
Status: -

Name: ElbyCDIO.sys
Image Path: C:\Windows\System32\Drivers\ElbyCDIO.sys
Address: 0x8E3E6000 Size: 17280 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\Windows\system32\DRIVERS\fdc.sys
Address: 0x887E3000 Size: 45056 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x88161000 Size: 65536 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\Windows\system32\DRIVERS\flpydisk.sys
Address: 0x8DE15000 Size: 40960 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8812F000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8E249000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fvevol.sys
Image Path: C:\Windows\System32\DRIVERS\fvevol.sys
Address: 0x88694000 Size: 147456 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x884F2000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x887F9000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x823C5000 Size: 208896 File Visible: - Signed: -
Status: -

Name: hamachi.sys
Image Path: C:\Windows\system32\DRIVERS\hamachi.sys
Address: 0x8DCFF000 Size: 18560 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x88747000 Size: 577536 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x9F401000 Size: 446464 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x883B8000 Size: 77824 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x880E4000 Size: 28672 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x88738000 Size: 61440 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x887EE000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x82801000 Size: 28672 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8DD9F000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x88180000 Size: 462848 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: C:\Windows\system32\DRIVERS\Lbd.sys
Address: 0x88171000 Size: 57472 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x95777000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x9573F000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x82808000 Size: 458752 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x95730000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x883CB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x880F9000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x9F4A4000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x9F4B9000 Size: 135168 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x9F4DA000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x9F4F9000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x9F532000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8E29D000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x82B78000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8DC07000 Size: 192512 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x882FC000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8DDC9000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8865E000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x881F1000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8DC99000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8DCA4000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8DE1F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8E379000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8E331000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x88327000 Size: 241664 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8E2A8000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8E3DC000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8850D000 Size: 1114112 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\Windows\system32\ntoskrnl.exe
Address: 0x8201A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8E252000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8D404000 Size: 7460320 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8E363000 Size: 90112 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x883A0000 Size: 98304 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x82BA7000 Size: 61440 File Visible: - Signed: -
Status: -

Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0x9F5BD000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x82B80000 Size: 159744 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x880EB000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9F5C4000 Size: 909312 File Visible: - Signed: -
Status: -

Name: phaudlwr.sys
Image Path: C:\Windows\system32\DRIVERS\phaudlwr.sys
Address: 0x95708000 Size: 88704 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8201A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8E1F7000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x82878000 Size: 69632 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8E2B6000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8DC82000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8DCC7000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8DCD6000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8DCEA000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8201A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8E3A0000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8E28D000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\Windows\system32\DRIVERS\rdpdr.sys
Address: 0x8DD04000 Size: 561152 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8E295000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9F70D000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x95787000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8E00A000 Size: 2017088 File Visible: - Signed: -
Status: -

Name: Rtlh86.sys
Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys
Address: 0x8DBCF000 Size: 114688 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9F6A2000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\Windows\system32\DRIVERS\serenum.sys
Address: 0x8DBF6000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\Windows\system32\DRIVERS\serial.sys
Address: 0x883D6000 Size: 106496 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8E2D5000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spc1030.sys
Image Path: C:\Windows\system32\DRIVERS\spc1030.sys
Address: 0x9540E000 Size: 3035776 File Visible: - Signed: -
Status: -

Name: spc1030c.SYS
Image Path: C:\Windows\system32\DRIVERS\spc1030c.SYS
Address: 0x95701000 Size: 28672 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x88656000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8DF16000 Size: 720896 File Visible: - Signed: -
Status: -

Name: sptd.sys
Image Path: C:\Windows\System32\Drivers\sptd.sys
Address: 0x82A3B000 Size: 819200 File Visible: - Signed: -
Status: -

Name: sptd.sys
Image Path: C:\Windows\System32\Drivers\sptd.sys
Address: 0x82A3B000 Size: 819200 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: SPTDDRV1.SYS
Image Path: C:\Windows\System32\Drivers\SPTDDRV1.SYS
Address: 0x82B0C000 Size: 155648 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9F571000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x9F54A000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x9F46E000 Size: 118784 File Visible: - Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys
Address: 0x8E39A000 Size: 23040 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8DC36000 Size: 266240 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\Windows\system32\DRIVERS\STREAM.SYS
Address: 0x956F4000 Size: 53248 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8DD9D000 Size: 4992 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x88408000 Size: 958464 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9F6AC000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8DC77000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8E2BF000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8DD8D000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x96660000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8872F000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x88724000 Size: 45056 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8DDD3000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbaudio.sys
Image Path: C:\Windows\system32\drivers\usbaudio.sys
Address: 0x9571E000 Size: 73216 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8DEF5000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8E000000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x887D4000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8DDE0000 Size: 217088 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x88362000 Size: 253952 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8DEE0000 Size: 86016 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8DBEB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8E260000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8E26C000 Size: 135168 File Visible: - Signed: -
Status: -

Name: viibkh.sys
Image Path: C:\Windows\System32\Drivers\viibkh.sys
Address: 0x88000000 Size: 565280 File Visible: No Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x8808B000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x8809A000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8861D000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8E387000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8DBC3000 Size: 49152 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x829B2000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x82A2E000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x96440000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x96440000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x82B03000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8201A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0x9F6CD000 Size: 73728 File Visible: - Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0x9F6B8000 Size: 83328 File Visible: - Signed: -
Status: -

#4 Das war nicht ganz richtig.

Zitat

Gehe auf Report.
Klicke auf Scan.
Setze alle Häkchen.
Bestätige mit OK.

Hast Du, glaube ich, nicht gemacht. Bitte die Anleitungen in Zukunft genau beachten.

Aber wir machen erstmal weiter damit:

1. Hol Dir bitte Avenger aus meinem Anhang (die Seite ist im Moment nicht zu erreichen)

Entpacke Avenger auf den Desktop.
Starte Avenger (als Administrator).
Setze unten beide Häkchen.
Kopiere in das Skript-Feld rein:

Zitat

drivers to delete:
viibkh

Achtung: Von dem Board hier wird womöglich beim Kopieren eine zusätzliche Zeile eingefügt (Quelle: blablabla), diese Zeile bitte löschen
Klicke auf Execute
Neustart zulassen.
Nach dem Neustart sollte ein Log eingeblendet werden, poste es bitte.

Lasse danach RootRepeal bitte erneut laufen, und diesmal nach der Anleitung

#5 Hier schon mal das Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "viibkh" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#6 Ich habe zwei mal versucht den RootRepeal Scan durchzuführen. Nach ca. 45 Minuten brach das Programm jeweils ab. Die ersten Minuten läuft der Scan ohne Probleme, die einzelnen Bereiche werden mit dem Status "Locked to the Windows API" angezeigt. Aber wenn der Bereich "C:/Windows/winsxs/Manifests/" gescannt wird, tut sich nichts mehr. Und das für ca. 30-40 Minuten, bevor das Programm abbricht.
Beim ersten Abbruch gab es einen Fehlerbericht:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x0040ab12
Attempt to write to address: 0x00000004

Außerdem hat Antivir folgende Warnung angezeigt, als ich soeben wieder online ging:

Die Datei 'C:\Windows\System32\drivers\viibkh.sys'
enthält einen Virus oder unerwünschtes Programm 'RKIT/Krap.B.56228' [trojan].

#7 Ok,

das Ding erneuert sich bei jedem Neustart, versuchen wir zuerst seine Helferleins zu killen.

1. Hol dir bitte OTL
http://oldtimer.geekstogo.com/OTL.exe
Das Programm starten und auf Run Scan klicken. Es werden zwei Logs erstellt, OTL.txt und Extras.txt, die beiden bitte posten.

#8 Hier sind die beiden OTL Logs:

OTL.txt:

OTL logfile created on: 22.07.2010 17:25:39 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Program Files\oldtimer
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 64,81 Gb Free Space | 27,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.07.22 17:22:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Program Files\oldtimer\OTL.exe
PRC - [2010.06.28 22:48:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.22 16:29:53 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.13 19:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Program Files\phonostar\ps_timer.exe
PRC - [2009.05.13 19:33:22 | 000,098,304 | ---- | M] (phonostar) -- C:\Program Files\phonostar\ps_agent.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.11 13:28:54 | 000,741,376 | ---- | M] () -- C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe
PRC - [2008.06.11 13:28:24 | 000,815,104 | ---- | M] () -- C:\Program Files\Philips\CamSuite\1.0.9.0\ACPGUI.dll
PRC - [2008.02.22 15:30:04 | 000,684,032 | ---- | M] (Sonix) -- C:\Windows\vspc1030.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.11.23 08:23:02 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.16 11:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.07.22 17:22:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Program Files\oldtimer\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.22 16:29:53 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.02 00:53:16 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009.01.02 17:03:50 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.06.11 13:28:54 | 000,741,376 | ---- | M] () [Auto | Running] -- C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe -- (ACPService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:32 | 000,089,600 | --S- | M] () [Auto | Stopped] -- C:\Windows\System32\aecachef.exe -- (RasAutoMSDTC)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 23:53:44 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009.01.02 16:48:09 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.09.04 12:23:57 | 000,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.07.21 14:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008.06.15 19:44:34 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.06.11 18:37:10 | 003,035,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spc1030.sys -- (SPC1030) USB2.0 PC Camera (SPC1030)
DRV - [2008.05.07 11:40:00 | 000,088,704 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2008.05.03 05:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.27 14:07:38 | 002,022,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.09.17 17:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.22 16:58:10 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.22 16:58:10 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.22 16:58:10 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://de.yahoo.com/"
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.21 22:54:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.21 22:54:24 | 000,000,000 | ---D | M]

[2008.06.22 00:12:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2010.07.21 17:51:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions
[2010.04.28 17:20:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.28 17:20:20 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010.04.28 17:20:21 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.04.17 00:23:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\firegestures@xuldev.org
[2009.04.05 19:42:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\moveplayer@movenetworks.com
[2010.07.21 17:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.05.03 22:50:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.12 18:06:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 18:06:42 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.12 18:06:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.12 18:06:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.12 18:06:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc1030] C:\Windows\vspc1030.exe (Sonix)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{5A4FE5E7-FE5D-82F5-6604-0642BDA6770E}] C:\Users\Chris\AppData\Roaming\Quzi\gydy.exe ()
O4 - HKCU..\Run: [{E0836430-0484-0A20-9B83-85BD3841E2E9}] C:\Users\Chris\AppData\Roaming\Omdeid\obnoo.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe (phonostar)
O4 - HKCU..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe (phonostar)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fh-bochum.de ([std-info] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\Pictures\wallpaper\Placebo\placebo54.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\Pictures\wallpaper\Placebo\placebo54.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c4d0acd4-cc4e-11de-9994-001966679ba9}\Shell - "" = AutoRun
O33 - MountPoints2\{c4d0acd4-cc4e-11de-9994-001966679ba9}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.07.22 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\oldtimer
[2010.07.22 15:28:06 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.07.22 15:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\avenger
[2010.07.22 14:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\rootrepeal
[2010.07.22 14:09:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\wie-combofix-benutzt-wird-Dateien
[2010.07.22 11:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Gmer
[2010.07.22 10:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010.07.22 00:16:29 | 000,665,072 | ---- | C] (Crawler Inc. ) -- C:\Program Files\SpywareTerminatorSetup272.exe
[2010.07.21 23:29:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010.07.21 23:29:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.21 23:29:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.21 23:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.21 23:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.21 23:27:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam146-setup.exe
[2010.07.20 13:44:23 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
[2010.07.01 22:31:56 | 006,164,800 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup_FreeFlvConverter.exe
[2010.06.29 00:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.29 00:01:04 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstaller.exe
[2010.06.27 17:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.27 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.06.27 17:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009.05.18 15:12:07 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1030.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.07.22 17:26:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5AE8D99D-8F09-45C8-8FC7-4DA218EA997E}.job
[2010.07.22 17:25:15 | 003,932,160 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.07.22 17:07:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.22 15:31:31 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.07.22 15:28:32 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.22 15:28:28 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.22 15:28:28 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.22 15:28:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.22 15:28:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.22 15:28:12 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.22 15:26:44 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.07.22 15:26:44 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.07.22 15:26:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.22 15:26:18 | 006,291,456 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.07.22 14:09:09 | 000,066,421 | ---- | M] () -- C:\Users\Chris\Documents\wie-combofix-benutzt-wird.htm
[2010.07.22 12:15:45 | 259,245,861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.22 10:51:24 | 000,001,956 | ---- | M] () -- C:\Users\Chris\Desktop\HJT.lnk
[2010.07.22 00:16:32 | 000,665,072 | ---- | M] (Crawler Inc. ) -- C:\Program Files\SpywareTerminatorSetup272.exe
[2010.07.21 23:29:39 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.21 23:27:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam146-setup.exe
[2010.07.21 22:54:57 | 000,000,024 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vdnxlf.dat
[2010.07.21 19:42:28 | 000,225,280 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.20 18:34:28 | 000,000,145 | --S- | M] () -- C:\Windows\System32\2921284024.dat
[2010.07.20 13:44:26 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
[2010.07.13 23:35:18 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.12 23:53:33 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.10 15:08:49 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.10 15:08:49 | 000,616,010 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.10 15:08:49 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.10 15:08:49 | 000,122,110 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.10 15:08:49 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.09 16:12:22 | 000,001,394 | ---- | M] () -- C:\Users\Chris\Desktop\DivX Movies.lnk
[2010.07.09 16:11:34 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.01 22:33:16 | 000,000,914 | ---- | M] () -- C:\Users\Chris\Desktop\Free FLV Converter.lnk
[2010.07.01 22:31:59 | 006,164,800 | ---- | M] (Koyote Soft ) -- C:\Program Files\Setup_FreeFlvConverter.exe
[2010.06.30 17:57:28 | 000,059,862 | ---- | M] () -- C:\Program Files\huggiesjeans.jpg
[2010.06.29 00:02:47 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstaller.exe
[2010.06.28 22:50:09 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.28 22:49:57 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.06.28 22:49:44 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.06.28 22:49:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010.06.28 22:48:57 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.07.22 15:21:35 | 000,731,136 | ---- | C] () -- C:\Users\Chris\Desktop\avenger.exe
[2010.07.22 14:09:06 | 000,066,421 | ---- | C] () -- C:\Users\Chris\Documents\wie-combofix-benutzt-wird.htm
[2010.07.22 10:51:24 | 000,001,956 | ---- | C] () -- C:\Users\Chris\Desktop\HJT.lnk
[2010.07.21 23:29:39 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.19 20:01:54 | 000,000,145 | --S- | C] () -- C:\Windows\System32\2921284024.dat
[2010.07.19 20:01:46 | 000,000,024 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vdnxlf.dat
[2010.06.30 17:57:26 | 000,059,862 | ---- | C] () -- C:\Program Files\huggiesjeans.jpg
[2010.06.28 22:50:09 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.27 17:30:03 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.01.20 18:37:51 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.01 23:24:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.29 05:11:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.18 15:12:07 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys
[2009.05.18 15:12:07 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll
[2009.05.18 15:12:07 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1030c.sys
[2009.05.18 15:12:07 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.08.26 14:59:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.08.18 15:37:51 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2008.07.01 14:44:28 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008.06.17 10:14:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.16 11:33:52 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll
[2008.06.15 19:44:34 | 000,611,064 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.15 19:44:34 | 000,142,904 | ---- | C] () -- C:\Windows\System32\drivers\sptddrv1.sys
[2008.06.15 17:35:11 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008.06.15 17:35:11 | 000,004,144 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 24 bytes -> C:\Windows:6900F4A67144AA92
< End of report >



Extras.txt:

OTL Extras logfile created on: 22.07.2010 17:25:39 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Program Files\oldtimer
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 64,81 Gb Free Space | 27,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B57F69-0D45-4DB3-926A-EAD865192C86}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0E293596-E6DC-43D7-8034-82F268A509AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BFAAECB-B110-4FDB-AA85-385AE62A9C29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{390555CA-CFF5-4F6B-A418-0F77531D49CD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3B222098-2299-4958-A16C-BA8AB8881962}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{978405AE-18F4-4984-8CDA-7F688DBC773F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD32D6FF-979E-4FA7-87E1-357D413720DA}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D900271F-7A70-4FE3-971A-7E031558BDFF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E9904D79-A956-4F4E-ADE1-B6FA5F02A7FC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6A8D82A-9A30-4834-9DE7-2CF9835C33B2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044B175E-E7D7-40A7-ACBE-C3DD23B5807E}" = protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{0BF3E657-3A2F-44C5-916A-C6E79387FEA4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1FB9BCF1-7B2A-4B46-8E13-10CD92FB6FBA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2A232A62-2665-4E8B-9934-100063ADE647}" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"{2A7D88A8-0BC1-4D1E-AB52-B5B9CB09C191}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E3BF27C-B0FF-40DB-9584-670816C8D41F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{2F2C93A3-2AAF-44E2-AFA1-830DE1E5F427}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{30244A71-F4E5-4674-9508-6FBFAF9D5BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30A60AC0-4BEA-4BC4-AC21-1A362F2B7D64}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{33FA1DA4-6EBF-48B5-86F4-4526078185FE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{37B9BD5B-B0E5-4FE7-BB86-95ABB319E1CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37D952EC-2514-4158-982B-608B4BB91B7F}" = protocol=17 | dir=in | app=c:\windows\system32\services.exe |
"{39B2A04D-34D5-407C-AD79-B694CE9DBC4A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3E29D986-CB9E-4ED3-9025-6B5614ABB284}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3E6ADC49-B6F2-45D8-B68A-60838702FFDD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EBD72D1-43D8-4EA5-8113-ADC8ACA17E54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5873464E-CF8D-4449-B207-F3BF27FAF3DA}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{64715E93-FAD8-4E99-B936-FE9C7748733B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65F31029-A5E6-4669-8EEA-ABCBCE8CA0DC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6601ED42-838B-4776-88FD-88F559B0AD41}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6C265466-429F-4BFE-832C-700885924D6D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6FAF610C-81A7-4E02-B568-F869034E3164}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70D10945-68B1-428C-BFDD-FCD67C8FA878}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7732C3D9-06DE-429A-B71D-D38B24B217AB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EB65D71-1FB9-4960-BB61-63CA55D55ACF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8A745622-53FB-4DEA-8BB8-3E0A5329DDA9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8FE08501-9D53-41DC-8218-2657506FADBF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{98D23CC1-CB01-4CB5-95D2-7FA068BD0FAB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9EFC3D0B-0F76-41EA-B73E-7AB63172F9A2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B0E3F6DF-DC4B-4088-B9CB-9362FD34EB68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1B0B861-834A-462A-8436-8EFCCBB602A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE57B5BB-82F6-4474-8901-E9F7E388A437}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C185C86D-5ACC-45A1-A481-86874F4FB1A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C330657F-99A0-4213-BF7D-0ADAB42E4659}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DFCA80AF-ED36-4912-92A7-5D628C5DE166}" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"{DFEA95E8-759D-4189-9F69-D8E527D0E49F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E12C3AF5-B648-4654-BB5D-1CF3CC3195ED}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{EEDE5FD3-396A-4C07-AF60-04B07E44800E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F04C7E7A-AFE8-433B-8ABD-B2A42BFC24BB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F61D641E-6D8A-485F-B8AC-01FB256C0A10}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F6217858-3410-4692-A7F3-11678BA5329A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F8A5097A-A0DD-4565-8CBE-6C099DC58DC2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FB08263F-F9F2-465D-92D2-073065B7AF36}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FCD1B825-2F1A-4DDF-A270-99C1347E30DD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FEEEA8AF-F373-4CEC-954C-EA76B52AF9C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1DFAEFE2-291E-408E-94C5-3AABE786C384}C:\users\chris\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\chris\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{59118D26-AA7B-4597-9084-D2EE4F44DD26}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{80D2CE90-4174-4C01-A367-E7F12D0CE3B8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{9284C852-639E-41C9-A6A8-823DE238B98B}C:\program files\msn backup\msnbackup.exe" = protocol=6 | dir=in | app=c:\program files\msn backup\msnbackup.exe |
"TCP Query User{9A4E6449-3D3E-4B31-BD55-F12C3D516D87}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AD045893-9492-4F1A-965A-1608E279DE0B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{C58D8F59-1E75-4C67-96AA-7C9A7E6F7313}C:\users\chris\games\left 4 dead\left 4 dead\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\chris\games\left 4 dead\left 4 dead\left 4 dead\left4dead.exe |
"TCP Query User{F21F49A3-E22E-48CA-911F-B463192E046F}C:\program files\philips\intelligent agent\philips intelligent agent.exe" = protocol=6 | dir=in | app=c:\program files\philips\intelligent agent\philips intelligent agent.exe |
"UDP Query User{0DD57069-BF7F-4306-9EAD-370C7D8947B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2C21F42F-6F6E-4223-922E-BB431B420E21}C:\program files\msn backup\msnbackup.exe" = protocol=17 | dir=in | app=c:\program files\msn backup\msnbackup.exe |
"UDP Query User{34D387E4-80DD-4384-BB51-748EA4BD3F9A}C:\users\chris\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\chris\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{35678455-5E42-47AE-81E4-465D2B61A4FD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{97656503-1F5F-416D-B295-C1FD4B192BD8}C:\users\chris\games\left 4 dead\left 4 dead\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\chris\games\left 4 dead\left 4 dead\left 4 dead\left4dead.exe |
"UDP Query User{AEA7D4DA-FC8C-4F35-B88D-A3A868340300}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{CB65FA83-AA22-41A5-B5DD-633E9800B6A3}C:\program files\philips\intelligent agent\philips intelligent agent.exe" = protocol=17 | dir=in | app=c:\program files\philips\intelligent agent\philips intelligent agent.exe |
"UDP Query User{DF32D438-623F-4600-AF3E-2318B3948831}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1A6A6531-08FC-47AD-BAC4-C41497E71031}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BECDEE0-7126-4F9B-8BE4-E72AEA79571B}" = ArcSoft WebCam Companion 2
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E6C773DF-41C4-4A4F-B6C5-7830FF10342F}" = Philips CamSuite
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F6D5EED1-EB69-421C-A314-8998CA574C51}" = Philips SPC1030NC Webcam
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"10F7630C78CC9B1F315B5FA216ECB493C3ACD3E5" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA (06/02/2008 1.0.5.12)
"45BC8B5D6014058D45855440C588F87C62D70673" = Windows-Treiberpaket - Philips (SPC1030) Image (06/11/2008 5.8.8.042)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AnyDVD" = AnyDVD
"Avidemux 2.4" = Avidemux 2.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B/Works for Digital Cameras_is1" = B/Works for Digital Cameras
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.1.0 Be
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free FLV Converter_is1" = Free FLV Converter V 6.8.0
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.3.0
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.2
"PhotoFiltre" = PhotoFiltre
"RealPlayer 12.0" = RealPlayer
"Videoload Manager" = Videoload Manager 2.0.2200
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.1.3.7

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 22.07.2010 05:50:12 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung luxqlknp.exe, Version 1.0.15.15281, Zeitstempel
0x4b2763f0, fehlerhaftes Modul luxqlknp.exe, Version 1.0.15.15281, Zeitstempel
0x4b2763f0, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c4b1, Prozess-ID 0x15a0,
Anwendungsstartzeit 01cb2982aa4a7fa3.

Error - 22.07.2010 05:54:38 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.07.2010 05:54:38 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.07.2010 06:17:00 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.07.2010 06:17:00 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.07.2010 07:31:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.07.2010 07:31:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.07.2010 09:29:27 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.07.2010 09:29:28 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.07.2010 10:07:29 | Computer Name = Chris-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 22.07.2010 05:50:13 | Computer Name = Chris-PC | Source = WinDefend | ID = 5008
Description = Das %%827-Modul wurde aufgrund eines unerwarteten Fehlers beendet.

Fehlertyp:
%%830 Ausnahmecode: 0xc0000005 Ressource:

Error - 22.07.2010 05:53:16 | Computer Name = Chris-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.07.2010 um 11:49:56 unerwartet heruntergefahren.

Error - 22.07.2010 05:53:02 | Computer Name = Chris-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 22.07.2010 06:15:52 | Computer Name = Chris-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.07.2010 um 12:14:06 unerwartet heruntergefahren.

Error - 22.07.2010 06:15:40 | Computer Name = Chris-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 22.07.2010 07:30:06 | Computer Name = Chris-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.07.2010 um 13:27:44 unerwartet heruntergefahren.

Error - 22.07.2010 07:29:54 | Computer Name = Chris-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 22.07.2010 09:27:19 | Computer Name = Chris-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 22.07.2010 09:28:07 | Computer Name = Chris-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 22.07.2010 09:34:48 | Computer Name = Chris-PC | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_UZNZAHPA\0000" wurde ohne vorbereitende Maßnahmen
vom System entfernt.


< End of report >

#9 Ok,

1. Starte bitte OTL, kopiere unten in das Script-Feld rein:

Zitat

:OTL
SRV - [2008.01.19 09:33:32 | 000,089,600 | --S- | M] () [Auto | Stopped] -- C:\Windows\System32\aecachef.exe -- (RasAutoMSDTC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [{5A4FE5E7-FE5D-82F5-6604-0642BDA6770E}] C:\Users\Chris\AppData\Roaming\Quzi\gydy.exe ()
O4 - HKCU..\Run: [{E0836430-0484-0A20-9B83-85BD3841E2E9}] C:\Users\Chris\AppData\Roaming\Omdeid\obnoo.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{c4d0acd4-cc4e-11de-9994-001966679ba9}\Shell - "" = AutoRun
O33 - MountPoints2\{c4d0acd4-cc4e-11de-9994-001966679ba9}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010.07.19 20:01:54 | 000,000,145 | --S- | C] () -- C:\Windows\System32\2921284024.dat
[2010.07.19 20:01:46 | 000,000,024 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vdnxlf.dat
@Alternate Data Stream - 24 bytes -> C:\Windows:6900F4A67144AA92

:Files
C:\Users\Chris\AppData\Roaming\Quzi
C:\Users\Chris\AppData\Roaming\Omdeid

:Commands
[purity]
[emptytemp]
[emptyflash]

und klicke auf Run Fix. Ein Neustart wird unter Umständen benötigt. Poste bitte das Fix Log.

2. Wiederhole bitte den Schritt mit Avenger wie oben beschrieben.

3. Versuche bitte erneut, RootRepeal auszuführen.

#10 Ich habe Run Fix bei OTL ausgeführt. Nach einigen Minuten verschwand der Inhalt des OTL-Fensters. Außerdem alle Desktop-Icons und die Menüleiste. Es erschien ein Fenster mit der Meldung: OTL funktioniert nicht mehr.
Nach einem Neustart erschien ein Fenster mit folgender Nachricht:

Files\Folders moved on Reboot...
C:\Windows\System32\aecachef.exe moved successfully.
C:\Windows\System32\2921284024.dat moved successfully.

Registry entries deleted on Reboot...

#11 Habe Avenger ausgeführt. Der Neustart des Computers klappte erst im 2. Anlauf. Hier Das folgende Log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\viibkh" not found!
Deletion of driver "viibkh" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

#12 Habe auch RootRepeal erneut gestartet. Wie schon beim letzten mal gab es eine Error Meldung. Der Crash-Report ist identisch mit dem, den ich beim letzten Versuch gepostet habe.

#13 Ok,

sag bitte Bescheid, falls Antivir "viibkh" erneut meldet. Scheint aber tot zu sein.

Arbeite bitte diese Anleitung ab und poste das Log:
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

#14 Hier ist das Combofix Log:

ComboFix 10-07-22.01 - Chris 22.07.2010 20:36:58.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1033.18.2047.710 [GMT 2:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Chris\AppData\Roaming\inst.exe
c:\users\Chris\AppData\Roaming\Quzi\gydy.exe

.
((((((((((((((((((((((( Dateien erstellt von 2010-06-22 bis 2010-07-22 ))))))))))))))))))))))))))))))
.

2010-07-22 18:46 . 2010-07-22 18:47 -------- d-----w- c:\users\Chris\AppData\Local\temp
2010-07-22 18:46 . 2010-07-22 18:46 -------- d-----w- c:\users\Peter\AppData\Local\temp
2010-07-22 18:46 . 2010-07-22 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-22 16:21 . 2010-07-22 16:21 -------- d-----w- C:\_OTL
2010-07-22 15:21 . 2010-07-22 16:18 -------- d-----w- c:\program files\oldtimer
2010-07-22 13:20 . 2010-07-22 13:21 -------- d-----w- c:\program files\avenger
2010-07-22 12:19 . 2010-07-22 17:31 -------- d-----w- c:\program files\rootrepeal
2010-07-22 09:45 . 2010-07-22 09:45 -------- d-----w- c:\program files\Gmer
2010-07-22 08:51 . 2010-07-22 08:51 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-22 08:48 . 2010-07-22 08:51 -------- d-----w- c:\program files\HJT
2010-07-21 22:16 . 2010-07-21 22:16 665072 ----a-w- c:\program files\SpywareTerminatorSetup272.exe
2010-07-21 21:29 . 2010-07-21 21:29 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2010-07-21 21:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 21:29 . 2010-07-21 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 21:29 . 2010-07-21 21:29 -------- d-----w- c:\programdata\Malwarebytes
2010-07-21 21:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 21:27 . 2010-07-21 21:27 6153352 ----a-w- c:\program files\mbam146-setup.exe
2010-07-20 11:44 . 2010-07-20 11:44 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2010-07-09 14:12 . 2010-07-09 14:12 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-09 14:12 . 2010-07-09 14:12 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-09 14:11 . 2010-07-09 14:11 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-01 20:31 . 2010-07-01 20:31 6164800 ----a-w- c:\program files\Setup_FreeFlvConverter.exe
2010-06-28 22:07 . 2010-06-28 22:07 -------- dc----w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-28 22:01 . 2010-06-28 22:02 97364760 ----a-w- c:\program files\Ad-AwareInstaller.exe
2010-06-28 20:50 . 2010-06-28 20:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-28 20:50 . 2010-06-28 20:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-28 20:50 . 2010-06-28 20:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-28 20:50 . 2010-06-28 20:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-28 20:50 . 2010-06-28 20:50 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-28 20:50 . 2010-06-28 20:50 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-28 20:50 . 2010-06-28 20:50 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-28 20:50 . 2010-06-28 20:50 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-28 20:50 . 2010-06-28 20:50 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-28 20:45 . 2010-06-28 20:45 738824 ----a-w- c:\users\Chris\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100217.exe
2010-06-27 15:29 . 2010-06-27 15:29 -------- d-----w- c:\program files\iPod
2010-06-27 15:29 . 2010-06-27 15:30 -------- d-----w- c:\program files\iTunes
2010-06-27 15:25 . 2010-06-27 15:25 -------- d-----w- c:\program files\Bonjour
2010-06-27 15:22 . 2010-06-27 15:22 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 18:35 . 2008-06-24 11:52 -------- d-----w- c:\programdata\Google Updater
2010-07-22 18:28 . 2008-12-22 12:37 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-22 16:03 . 2010-03-30 11:43 -------- d-----w- c:\users\Chris\AppData\Roaming\Zyaxer
2010-07-22 09:30 . 2008-12-03 06:55 -------- d-----w- c:\users\Chris\AppData\Roaming\Yqguqo
2010-07-20 13:17 . 2008-06-17 09:52 -------- d-----w- c:\users\Chris\AppData\Roaming\phonostar-Player
2010-07-10 13:08 . 2008-06-15 16:46 616010 ----a-w- c:\windows\system32\perfh007.dat
2010-07-10 13:08 . 2008-06-15 16:46 122110 ----a-w- c:\windows\system32\perfc007.dat
2010-07-09 14:12 . 2010-04-17 12:02 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-09 14:12 . 2010-04-17 11:53 -------- d-----w- c:\programdata\DivX
2010-07-09 14:12 . 2008-12-27 14:51 -------- d-----w- c:\program files\DivX
2010-07-09 14:10 . 2010-04-17 12:02 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-09 14:10 . 2010-04-17 12:02 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-01 20:33 . 2008-09-03 18:11 -------- d-----w- c:\program files\Free FLV Converter
2010-06-30 15:57 . 2010-06-30 15:57 59862 ----a-w- c:\program files\huggiesjeans.jpg
2010-06-28 20:50 . 2008-06-17 08:24 -------- d-----w- c:\program files\Common Files\Real
2010-06-28 20:49 . 2009-04-03 17:47 -------- d-----w- c:\program files\Real
2010-06-27 15:29 . 2008-06-17 08:14 -------- d-----w- c:\program files\Common Files\Apple
2010-06-27 15:29 . 2008-06-15 17:43 -------- d-----w- c:\programdata\Apple Computer
2010-06-19 20:14 . 2010-06-19 20:14 -------- d-----w- c:\users\Peter\AppData\Roaming\Apple Computer
2010-06-16 20:18 . 2008-06-15 15:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-14 13:30 . 2008-06-17 08:17 -------- d-----w- c:\users\Chris\AppData\Roaming\Apple Computer
2010-06-14 10:45 . 2010-06-14 10:45 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-14 10:43 . 2010-06-14 10:42 -------- d-----w- c:\program files\QuickTime
2010-06-08 09:30 . 2008-09-03 18:11 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-06-04 15:02 . 2009-06-23 10:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-04 15:02 . 2010-06-04 15:02 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-04 15:01 . 2010-06-04 15:01 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-04 15:01 . 2010-06-04 15:01 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-04 15:01 . 2010-06-04 15:01 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 15:01 . 2010-06-04 15:01 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-02 22:38 . 2008-07-08 20:25 -------- d-----w- c:\users\Chris\AppData\Roaming\gtk-2.0
2010-05-31 15:24 . 2010-05-31 15:17 -------- d-----w- c:\programdata\fluxDVD
2010-05-31 15:17 . 2010-05-31 15:17 -------- d-----w- c:\program files\Videoload Manager
2010-05-31 15:17 . 2010-05-31 15:17 -------- d-----w- c:\program files\Common Files\fluxDVD
2010-05-31 15:17 . 2010-05-31 15:17 -------- d-----w- c:\programdata\mpDRM
2010-05-31 15:17 . 2010-05-31 15:17 -------- d-----w- c:\program files\Common Files\mpDRM
2010-05-21 12:14 . 2009-10-02 21:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 13:49 . 2010-05-06 13:49 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-05-06 13:49 . 2010-05-06 13:49 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-06 13:49 . 2010-05-06 13:49 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-05-06 13:49 . 2010-05-06 13:49 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-03-26 11:59 . 2010-03-26 11:58 42341360 ----a-w- c:\program files\avira_antivir_personal10_de.exe
2009-08-25 14:12 . 2009-08-25 14:12 4162581 ----a-w- c:\program files\XMediaRecode2137_setup.exe
2009-06-24 16:28 . 2009-06-24 16:28 13171671 ----a-w- c:\program files\avidemux_2.4.4_win32.exe
2009-06-23 10:48 . 2009-06-23 10:48 21128536 ----a-w- c:\program files\DivXInstaller72.exe
2009-06-19 22:08 . 2009-06-19 22:07 1686727 ----a-w- c:\program files\pf-632setup-en.exe
2009-06-10 12:38 . 2009-06-10 12:38 1878888 ----a-w- c:\program files\install_flash_player.exe
2009-06-10 12:05 . 2009-06-10 12:03 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-06-10 11:35 . 2009-06-10 11:35 18724238 ----a-w- c:\program files\VistaCodecs_v529.exe
2009-05-27 20:05 . 2009-05-27 20:05 20617000 ----a-w- c:\program files\SkypeSetupFull.exe
2009-05-17 11:31 . 2009-05-17 11:31 411509 ----a-w- c:\program files\gspot_2_70_a.zip
2009-04-15 15:01 . 2009-04-15 15:01 14938992 ----a-w- c:\program files\IE8-WindowsVista-x86-DEU.exe
2009-04-04 22:27 . 2009-04-04 22:27 156048 ----a-w- c:\program files\FHSetup1031.exe
2009-04-03 17:44 . 2009-04-03 17:44 13784560 ----a-w- c:\program files\RealPlayer111GOLD_de.exe
2009-02-17 13:32 . 2009-02-17 13:32 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-01-31 11:10 . 2009-01-31 11:10 607640 ----a-w- c:\program files\xpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008.exe
2008-12-22 12:34 . 2008-12-22 12:34 12644232 ----a-w- c:\program files\drvupdate-x86.exe
2008-12-15 20:54 . 2008-12-15 20:53 7991568 ----a-w- c:\program files\DVDFab5210Beta_avangate-689.exe
2008-12-15 16:53 . 2008-12-15 16:53 3657607 ----a-w- c:\program files\AnyDVD.v6.4.6.6.Final.Incl.Crack-RES.rar
2008-12-15 16:19 . 2008-12-15 16:19 1258692 ----a-w- c:\program files\dvdshrink.3.2.de._decss-frei_.setup.exe
2008-07-12 19:32 . 2008-07-12 19:28 171697720 ----a-w- c:\program files\AIO_CDB_Full_Non-Network_deu.exe
2008-06-30 11:21 . 2008-06-30 11:20 8284343 ----a-w- c:\program files\Photoshop_albumSE_de_de_320.zip
2008-06-30 11:15 . 2008-06-30 11:15 533687 ----a-w- c:\program files\bworks.zip
2008-06-30 11:06 . 2008-06-30 11:06 17950304 ----a-w- c:\program files\gimp-2.4.6-i686-setup.exe
2008-06-24 11:51 . 2008-06-24 11:51 1014480 ----a-w- c:\program files\Google Updater.exe
2008-06-23 13:43 . 2008-06-23 13:42 24792728 ----a-w- c:\program files\AdbeRdr812_de_DE.exe
2008-06-21 21:59 . 2008-06-21 21:58 7331584 ----a-w- c:\program files\Firefox_Setup_3.0_de.exe
2008-06-17 09:52 . 2008-06-17 09:51 5203576 ----a-w- c:\program files\ps_radio2012.exe
2006-11-22 14:58 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PhonostarAgent"="c:\program files\phonostar\ps_agent.exe" [2009-05-13 98304]
"PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2009-05-13 126976]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-23 4706304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-28 202256]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):00,fd,84,5a,78,43,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-06-15 611064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-11 64160]
S2 ACPService;ACPService;c:\program files\Philips\CamSuite\1.0.9.0\ACPService.exe [2008-06-11 741376]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-07-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:53]

2010-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-24 10:45]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:46]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:46]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{5AE8D99D-8F09-45C8-8FC7-4DA218EA997E}.job
- c:\windows\system32\msfeedssync.exe [2010-02-02 04:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: fh-bochum.de\std-info
Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\mjyvyxiq.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Videoload Manager\NPWMDRMWrapper.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-{5A4FE5E7-FE5D-82F5-6604-0642BDA6770E} - c:\users\Chris\AppData\Roaming\Quzi\gydy.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 20:47
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-07-22 20:50:35
ComboFix-quarantined-files.txt 2010-07-22 18:50

Vor Suchlauf: 9 Verzeichnis(se), 69.885.726.720 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 70.057.553.920 Bytes frei

- - End Of File - - 2D7579F47715C70E8A7873AAFA5CF3BD

#15

Zitat

2008-12-15 16:53 . 2008-12-15 16:53 3657607 ----a-w- c:\program files\AnyDVD.v6.4.6.6.Final.Incl.Crack-RES.rar

Lösche bitte jegliche Cracks, Keygens etc. und deinstalliere die dazugehörige Programme, sonst muss ich die Hilfe einstellen. Die Benutzung solcher Sachen ist illegal und wird hier nicht toleriert. Außerdem für die Zukunft: Cracks, Keygens etc. sind zu 99,9% verseucht.

1. Starte bitte OTL, kopiere unten in das Script-Feld rein:

Zitat

:Files
c:\users\Chris\AppData\Roaming\Zyaxer
c:\users\Chris\AppData\Roaming\Yqguqo
c:\users\Chris\AppData\Roaming\Quzi

:Commands
[purity]
[emptytemp]
[emptyflash]

und klicke auf Run Fix. Das Fix Log bitte posten.

2. Versuche bitte erneut, Gmer scannen zu lassen.