
Log analysis and evaluation: Problem with IDE/SATA hard disks

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for analysis by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

10.06.2011, 16:49   #1
Holzwurm 2
 
Problem with IDE/SATA hard disks



Hello

Like so many others, I have caught something too.
I have the same problem. http://www.trojaner-board.de/100072-...tgestellt.html

I have an OTL log and am asking for help.

Code:
OTL logfile created on: 10.06.2011 17:25:22 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,96% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 73,77 Gb Free Space | 49,49% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 120,37 Gb Free Space | 86,42% Space Free | Partition Type: NTFS
Drive E: | 1,89 Gb Total Space | 1,88 Gb Free Space | 99,51% Space Free | Partition Type: FAT
 
Computer Name: HOLZWURM | User Name: irarref575 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Users\irarref575\AppData\Local\Apps\2.0\1CEDPDX9.Z1J\8Q3ZH6PO.5TX\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.06.05 20:40:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2010.09.03 20:51:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.02 07:34:34 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 12:45:57 | 000,000,000 | -H-D | M]
 
[2010.12.10 20:36:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\irarref575\AppData\Roaming\mozilla\Extensions
[2010.12.10 20:36:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\irarref575\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.05.24 21:35:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\irarref575\AppData\Roaming\mozilla\Firefox\Profiles\x3t7edo9.default\extensions
[2010.04.29 08:36:44 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\irarref575\AppData\Roaming\mozilla\Firefox\Profiles\x3t7edo9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.04 17:26:35 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\irarref575\AppData\Roaming\mozilla\Firefox\Profiles\x3t7edo9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.03 12:46:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.05.03 12:46:16 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.09.03 20:51:24 | 000,000,000 | ---D | M] (LG Air Sync) -- C:\PROGRAM FILES\LG ELECTRONICS\LG PC SUITE IV\LINKAIR\{00ADD29A-66F4-4F22-BCC0-4C1D29DA647B}
() (No name found) -- C:\USERS\IRARREF575\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3T7EDO9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.02 07:34:32 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\irarref575\AppData\Local\Apps\2.0\1CEDPDX9.Z1J\8Q3ZH6PO.5TX\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync Option - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\irarref575\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\irarref575\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\Shell - "" = AutoRun
O33 - MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{59da691c-0366-11df-8447-00235484469c}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.10 16:42:47 | 000,000,000 | ---D | C] -- C:\Users\irarref575\AppData\Roaming\Malwarebytes
[2011.06.10 16:42:39 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.10 16:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.10 16:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.10 16:42:34 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.10 16:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.06.09 16:20:46 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
[2011.06.01 08:18:14 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\irarref575\AppData\Roaming\pcouffin.sys
[2011.06.01 08:18:14 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Vso
[2011.06.01 08:18:14 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\Documents\PcSetup
[2011.06.01 08:16:02 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.26 10:58:47 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Local\PDF24
[2011.05.26 10:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2011.05.26 10:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2011.05.23 23:05:02 | 000,016,896 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\System32\drivers\FlashUSB.sys
[2011.05.23 23:05:02 | 000,000,000 | -H-D | C] -- C:\ifx
[2011.05.23 23:02:06 | 000,000,000 | -H-D | C] -- C:\LG_USB
[2011.05.23 22:16:56 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2011.05.23 22:16:56 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2011.05.23 22:16:56 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2011.05.23 22:16:11 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Local\Apps
[2011.05.23 22:16:10 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Local\Deployment
[2011.05.23 22:10:09 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\Documents\OneNote-Notizbücher
[2011.05.23 13:44:46 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\vlc
[2011.05.12 16:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.10 17:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.10 17:03:00 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.06.10 17:02:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.10 17:02:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.10 17:02:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.10 17:02:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.10 17:02:09 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.10 16:42:39 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.10 16:38:52 | 000,678,092 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.10 16:38:52 | 000,637,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.10 16:38:52 | 000,147,244 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.10 16:38:52 | 000,120,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.09 16:44:41 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~39968504r
[2011.06.09 16:44:41 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~39968504
[2011.06.09 16:20:47 | 000,000,600 | -H-- | M] () -- C:\Users\irarref575\Desktop\Windows Vista Restore.lnk
[2011.06.09 16:20:34 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39968504
[2011.06.09 11:05:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.06.08 22:30:04 | 000,120,320 | -H-- | M] () -- C:\Users\irarref575\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.01 08:18:14 | 000,087,608 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\inst.exe
[2011.06.01 08:18:14 | 000,047,360 | -H-- | M] (VSO Software) -- C:\Users\irarref575\AppData\Roaming\pcouffin.sys
[2011.06.01 08:18:14 | 000,007,887 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.cat
[2011.06.01 08:18:14 | 000,001,144 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.inf
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.23 23:00:09 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2011.05.23 22:59:58 | 000,000,774 | -H-- | M] () -- C:\Users\irarref575\Desktop\LGMobile update.lnk
[2011.05.23 22:16:32 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2011.05.23 22:16:30 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2011.05.23 08:12:04 | 000,000,680 | -H-- | M] () -- C:\Users\irarref575\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2011.06.10 16:42:39 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.09 16:20:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~39968504r
[2011.06.09 16:20:48 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~39968504
[2011.06.09 16:20:47 | 000,000,600 | -H-- | C] () -- C:\Users\irarref575\Desktop\Windows Vista Restore.lnk
[2011.06.09 16:20:34 | 000,000,336 | -H-- | C] () -- C:\ProgramData\39968504
[2011.06.01 08:18:14 | 000,087,608 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\inst.exe
[2011.06.01 08:18:14 | 000,007,887 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.cat
[2011.06.01 08:18:14 | 000,001,144 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.inf
[2011.01.23 21:16:45 | 000,000,680 | -H-- | C] () -- C:\Users\irarref575\AppData\Local\d3d9caps.dat
[2010.09.16 23:35:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.09.16 23:35:32 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.09.03 21:26:52 | 000,038,214 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2010.06.29 06:34:58 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2009.08.26 09:31:31 | 002,707,563 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\NMM-MetaData.db
[2009.06.22 21:18:01 | 000,256,158 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\mdbu.bin
[2009.05.31 21:46:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.31 21:46:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.12 00:57:00 | 000,013,855 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\UserTile.png
[2009.03.01 19:23:19 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2009.01.15 00:36:02 | 000,000,098 | -H-- | C] () -- C:\Users\irarref575\AppData\Local\fusioncache.dat
[2009.01.02 19:17:04 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.01.02 18:30:01 | 000,120,320 | -H-- | C] () -- C:\Users\irarref575\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.11 01:24:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.11.11 01:19:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008.11.11 01:19:06 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2008.11.11 01:19:03 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.11.10 23:57:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.10 23:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.04.16 13:11:34 | 000,678,092 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 13:11:34 | 000,147,244 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.03.09 15:32:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.04 13:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.02.28 04:14:03 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,406,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,637,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,120,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.02.25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
 
========== LOP Check ==========
 
[2009.01.05 21:09:03 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\DAEMON Tools
[2009.01.05 20:56:31 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\DAEMON Tools Lite
[2009.01.05 21:09:03 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\DAEMON Tools Pro
[2011.03.09 10:01:50 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\FRITZ!
[2011.01.12 20:23:28 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\FUJIFILM
[2010.09.17 00:01:33 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\ML
[2009.06.05 11:35:26 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Mp3tag
[2009.06.05 10:54:55 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Nokia
[2009.06.05 10:41:02 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\PC Suite
[2009.03.12 00:57:00 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\PeerNetworking
[2011.01.28 21:43:34 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Teleca
[2010.12.10 20:36:33 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\TomTom
[2011.06.01 08:18:15 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Vso
[2011.06.10 17:01:20 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.20 16:46:06 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DAC806BD-EA5E-43F7-A13C-BF225E18D1DF}.job
 
========== Purity Check ==========
 
 
 
< End of report >
         
Code:
OTL Extras logfile created on: 10.06.2011 17:25:22 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,96% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 73,77 Gb Free Space | 49,49% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 120,37 Gb Free Space | 86,42% Space Free | Partition Type: NTFS
Drive E: | 1,89 Gb Total Space | 1,88 Gb Free Space | 99,51% Space Free | Partition Type: FAT
 
Computer Name: HOLZWURM | User Name: irarref575 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A2323B-8220-4716-B91A-8011D873DBD3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1336F39A-AFAC-4DB6-A290-FF12B67734C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1FBB7E3B-3312-47F7-B997-300235CD3663}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A96E6D3-C280-4997-BC71-D9155CEC4794}" = rport=138 | protocol=17 | dir=out | app=system | 
"{45553A84-5EB7-4383-8845-3FBF5FAFD6C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45E483D3-CB34-4D49-BF3C-1089B225F3AA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4C05F9B7-CF2D-41DF-8D71-66BA40B7C85A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52D05BB7-D592-457A-9BBE-F9BA99C3D687}" = lport=139 | protocol=6 | dir=in | app=system | 
"{601D63A7-F111-4CA0-B58B-C7CEB746D8A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{78E2D20C-A5AD-424B-A96D-D1D411E0E28C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{797061C8-B8F8-4BF7-95FB-F0D36C5B79C7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{93920541-E658-4EAF-A897-C3A4F51A5495}" = lport=137 | protocol=17 | dir=in | app=system | 
"{96CE9379-8C59-4124-AC74-BDFEED0E6E6B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9735E29B-085B-44FA-9CCE-D1FB110C1051}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A8A09511-E36E-47C2-A72A-A9CEE2B68B1C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AF6E000A-F7C0-4C5F-ACBF-527232BC9145}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BA00EA41-CEF6-480D-ACA2-8B17CF031788}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D84069AA-D67E-488D-BE97-0EE796EDC0FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E3A0E6F3-0573-4AD2-B46C-F3D6C9563E85}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B89225-D4D3-4AA4-898A-5F30872F2AF2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{1974B17D-9FCF-4978-80CF-BC580DEF4771}" = protocol=6 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{32A42354-83D6-4999-A6A4-D93EE4F6F8D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{43FB0FC8-798F-4510-8931-85AAAF4EC93C}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{48D36D0C-1463-428F-A7BE-FC373E667899}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{524F97C3-658D-4C69-81C8-C7CFD6BECD76}" = protocol=17 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{584796A8-8E57-494D-AFAD-20F90E6A3E14}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5FC8016D-D74D-46F6-BF48-E51FB10295CA}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{71819097-990E-418B-AEB0-D25150E08CA2}" = protocol=17 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{73D5A79B-882D-47E7-8D9D-5ABD72627C71}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{775FCAEC-D7E7-4C91-B569-B72421394B38}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{7AB0479E-AD45-4723-8C26-ACB13507CD41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7C2220E9-041F-4A7B-8086-BFD3BD31885D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{831B8E3C-EBA1-4351-9B60-FA681B5EFF57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9CF141DC-A75F-43C4-8DD1-775E44C7919A}" = protocol=6 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{CEB49EC0-0ECF-4212-AEAB-6562D0F66586}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{D30E1B66-5793-4BCE-9674-6D95DD26875C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DD4D1ABC-C2DB-4B9E-A2A4-C69DB847C9B7}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{EBD9B9A8-043B-49B2-BD59-23D48F372714}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{F81CCF73-B251-4EFD-8F9D-06499A3E94AA}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft totalmedia\totalmedia.exe | 
"{FBB6952B-A3F8-4F6F-9AA3-2DE0815AF73D}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft totalmedia\totalmedia.exe | 
"TCP Query User{0C681BFB-5BCB-43FC-BB80-7640C575E2EC}C:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe | 
"TCP Query User{1102CEB2-1136-46F9-8DB1-81A311DEE7F8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{147B9FE5-06B0-49CD-8FE8-787DABBD69C0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{1D23D45B-08E2-4D20-A89A-EA54F6130F54}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{2E0CA8F8-E509-4C1E-BEF4-9089FF5C0D8A}D:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe | 
"TCP Query User{4F2C8516-669A-4AF2-B0DE-9FE8AFF40B61}D:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe | 
"TCP Query User{67AEE045-D564-4E54-BD10-C0FE4845DD10}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{AAF0A85B-6B1C-4981-9EFA-D5E4D32ECF64}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{ACAECD4E-123A-4FAE-9309-CB74AC1F1FB7}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{D61F9CA2-24E6-4BC4-ACE9-9E1078F39F99}D:\neuer ordner\cod4\cod4\iw3mp.exe" = protocol=6 | dir=in | app=d:\neuer ordner\cod4\cod4\iw3mp.exe | 
"TCP Query User{D8A0D2B4-A941-4AD2-91CE-9A5E5B1C060F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E296349A-C379-44B6-A31E-BAB6640A262E}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | 
"TCP Query User{ECF60BC5-9EC9-494D-B1EC-0490F8CAF1FE}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | 
"UDP Query User{2689C806-7553-4728-A8A4-6F149C96DCEB}D:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe | 
"UDP Query User{3B3F54F4-0863-4D8A-A307-39E3477A54D5}C:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe | 
"UDP Query User{3BAAE4DB-74DB-47AD-AB09-5C2EA06BA8F2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{4A81A867-E6BC-42F4-A59E-C97FBCB88FD8}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | 
"UDP Query User{7D0C2B6B-A706-4C51-9970-E6CC81CF1F89}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{8222BDE7-C16B-43AC-994C-57FA1CF6BAD9}D:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe | 
"UDP Query User{8AB6D321-361E-4A08-BADD-36BF0D676D54}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{A39FF9F3-919D-434A-B12E-67D155315506}D:\neuer ordner\cod4\cod4\iw3mp.exe" = protocol=17 | dir=in | app=d:\neuer ordner\cod4\cod4\iw3mp.exe | 
"UDP Query User{BA985D21-8843-4846-92B1-04F4EDF46BB4}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{BF6CF929-AE18-4695-9763-D79507A07039}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{CC46F96F-4DC4-4AF3-8188-C014F830D27B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F369DD4E-EB21-452A-9626-5BBCF234594F}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{FD224C18-2BD6-432C-A647-8E116B863710}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{D09E159D-0264-4597-B200-A9B4C0866F25}" = Samsung RAW Converter 4
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-Treiberpaket - Nokia Modem  (02/24/2009 4.0)
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-Treiberpaket - Nokia Modem  (02/23/2009 7.01.0.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{D09E159D-0264-4597-B200-A9B4C0866F25}" = Samsung RAW Converter 4
"Intelli-studio" = SAMSUNG Intelli-studio
"LG Internet Kit" = LG Internet Kit
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mp3tag" = Mp3tag v2.43
"Nokia PC Suite" = Nokia PC Suite
"Picasa2" = Picasa 2
"PokerStars" = PokerStars
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"TomTom HOME" = TomTom HOME 2.8.1.2218
"Valentin Meteo Data 1.0.24_is1" = Valentin Meteo Data 1.0.24
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.05.2011 09:37:28 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.05.2011 09:38:37 | Computer Name = Holzwurm | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2011 09:46:18 | Computer Name = Holzwurm | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.05.2011 06:35:01 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.05.2011 06:35:01 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.05.2011 06:35:45 | Computer Name = Holzwurm | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.05.2011 06:39:51 | Computer Name = Holzwurm | Source = VSS | ID = 8193
Description = 
 
Error - 03.05.2011 06:44:43 | Computer Name = Holzwurm | Source = VSS | ID = 8193
Description = 
 
Error - 03.05.2011 06:45:29 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.05.2011 06:46:45 | Computer Name = Holzwurm | Source = EventSystem | ID = 4621
Description = 
 
[ Media Center Events ]
Error - 30.01.2011 16:01:59 | Computer Name = Holzwurm | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ System Events ]
Error - 09.06.2011 14:07:47 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
 
Error - 09.06.2011 14:08:34 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 10.06.2011 10:01:20 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
 
Error - 10.06.2011 10:02:32 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 10.06.2011 10:33:51 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
 
Error - 10.06.2011 10:34:41 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 10.06.2011 10:52:26 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
 
Error - 10.06.2011 10:54:22 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 10.06.2011 11:02:15 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
 
Error - 10.06.2011 11:03:08 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         

I ran Malwarebytes but forgot to save the report before the restart. Sorry.

In user account 2 the error messages do not appear. However, I cannot access any files in my account. Everything is empty or is not displayed.

Thanks

He who seeks shall find

Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Datenbank Version: 6826
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
 
10.06.2011 16:50:31
mbam-log-2011-06-10 (16-50-31).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168851
Laufzeit: 4 Minute(n), 44 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hupbXGtblaxktVF (Trojan.FakeAlert) -> Value: hupbXGtblaxktVF -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
 
Infizierte Dateien:
c:\programdata\hupbxgtblaxktvf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\39968504.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\9186.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\91B6.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\9840.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\tmp9138.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
         
Is this a virus? Is there any way I can get to my data?

I would be very grateful for help.

Regards, Christian

14.06.2011, 10:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

14.06.2011, 17:45   #3
Holzwurm 2
 

Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6826

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.06.2011 17:24:32
mbam-log-2011-06-10 (17-24-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 87745
Laufzeit: 20 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
System Restore does not work.

14.06.2011, 19:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\Shell - "" = AutoRun
O33 - MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{59da691c-0366-11df-8447-00235484469c}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\Shell\AutoRun\command - "" = E:\iStudio.exe
[2011.06.09 16:20:46 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
[2011.06.09 16:44:41 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~39968504r
[2011.06.09 16:44:41 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~39968504
[2011.06.09 16:20:47 | 000,000,600 | -H-- | M] () -- C:\Users\irarref575\Desktop\Windows Vista Restore.lnk
[2011.06.09 16:20:34 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39968504
[2011.06.01 08:18:14 | 000,087,608 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\inst.exe
:Commands
[purity]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________
Please always post log files in CODE tags

14.06.2011, 20:43   #5
Holzwurm 2

Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e0a1186-b75b-11df-b5ba-00224332dce4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e0a1186-b75b-11df-b5ba-00224332dce4}\ not found.
File E:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59da691c-0366-11df-8447-00235484469c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59da691c-0366-11df-8447-00235484469c}\ not found.
File I:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3c08c06-1847-11e0-a30d-00224332dce4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3c08c06-1847-11e0-a30d-00224332dce4}\ not found.
File E:\iStudio.exe not found.
C:\Users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore folder moved successfully.
C:\ProgramData\~39968504r moved successfully.
C:\ProgramData\~39968504 moved successfully.
C:\Users\irarref575\Desktop\Windows Vista Restore.lnk moved successfully.
C:\ProgramData\39968504 moved successfully.
C:\Users\irarref575\AppData\Roaming\inst.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.24.0 log created on 06142011_213943
         
After the restart, the folders on the desktop are displayed transparently. I can access almost all of them. Access to "Eigene Dateien" (My Documents) and "Lokale Einstellungen" (Local Settings) is denied.
Regards, Christian


Last edited by Holzwurm 2 (14.06.2011 at 21:04)

14.06.2011, 21:26   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

14.06.2011, 21:58   #7
Holzwurm 2

Code:
2011/06/14 22:41:23.0322 4092	TDSS rootkit removing tool 2.5.4.0 Jun  7 2011 17:31:48
2011/06/14 22:41:25.0325 4092	================================================================================
2011/06/14 22:41:30.0447 4092	SystemInfo:
2011/06/14 22:41:30.0447 4092	
2011/06/14 22:41:30.0448 4092	OS Version: 6.0.6002 ServicePack: 2.0
2011/06/14 22:41:30.0448 4092	Product type: Workstation
2011/06/14 22:41:30.0448 4092	ComputerName: HOLZWURM
2011/06/14 22:41:30.0449 4092	UserName: irarref575
2011/06/14 22:41:30.0449 4092	Windows directory: C:\Windows
2011/06/14 22:41:30.0449 4092	System windows directory: C:\Windows
2011/06/14 22:41:30.0449 4092	Processor architecture: Intel x86
2011/06/14 22:41:30.0449 4092	Number of processors: 2
2011/06/14 22:41:30.0449 4092	Page size: 0x1000
2011/06/14 22:41:30.0449 4092	Boot type: Normal boot
2011/06/14 22:41:30.0449 4092	================================================================================
2011/06/14 22:41:34.0048 4092	Initialize success
2011/06/14 22:51:58.0020 0272	================================================================================
2011/06/14 22:51:58.0020 0272	Scan started
2011/06/14 22:51:58.0020 0272	Mode: Manual; 
2011/06/14 22:51:58.0021 0272	================================================================================
2011/06/14 22:52:12.0337 0272	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/06/14 22:52:12.0337 0272	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/14 22:52:12.0351 0272	sptd - detected LockedFile.Multi.Generic (1)
2011/06/14 22:52:13.0686 0272	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/14 22:52:13.0729 0272	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/14 22:52:13.0783 0272	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/14 22:52:13.0822 0272	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/14 22:52:13.0862 0272	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/14 22:52:13.0940 0272	upperdev        (587e643a4e2ffd9a00f114b057ceb773) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/06/14 22:52:13.0991 0272	usbbus          (8ef48ff1c23b1ce6f96d09a45959eb20) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/06/14 22:52:14.0056 0272	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/14 22:52:14.0088 0272	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/14 22:52:14.0162 0272	UsbDiag         (a0e24c5c2d0cff04bbd3753a72fae80b) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/06/14 22:52:14.0199 0272	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/14 22:52:14.0248 0272	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/14 22:52:14.0321 0272	USBModem        (cc09a1132b1f6a8362107cc134e90d0b) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/06/14 22:52:14.0351 0272	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/14 22:52:14.0391 0272	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/14 22:52:14.0461 0272	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/14 22:52:14.0514 0272	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
2011/06/14 22:52:14.0581 0272	UsbserFilt      (fca6a196d47cb972a0e4adc0db9cd17c) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/06/14 22:52:14.0626 0272	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/14 22:52:14.0669 0272	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/14 22:52:14.0832 0272	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/14 22:52:14.0894 0272	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/14 22:52:14.0932 0272	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/14 22:52:14.0971 0272	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/14 22:52:15.0005 0272	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/14 22:52:15.0045 0272	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/14 22:52:15.0088 0272	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/14 22:52:15.0134 0272	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/14 22:52:15.0193 0272	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/14 22:52:15.0296 0272	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/14 22:52:15.0350 0272	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/14 22:52:15.0381 0272	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 22:52:15.0426 0272	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 22:52:15.0483 0272	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/14 22:52:15.0581 0272	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/14 22:52:15.0744 0272	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/14 22:52:15.0896 0272	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/14 22:52:15.0990 0272	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/14 22:52:16.0049 0272	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/14 22:52:16.0147 0272	yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/06/14 22:52:16.0214 0272	MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
2011/06/14 22:52:16.0237 0272	================================================================================
2011/06/14 22:52:16.0237 0272	Scan finished
2011/06/14 22:52:16.0237 0272	================================================================================
2011/06/14 22:52:16.0256 1576	Detected object count: 1
2011/06/14 22:52:16.0256 1576	Actual detected object count: 1
2011/06/14 22:52:40.0068 1576	LockedFile.Multi.Generic(sptd) - User select action: Skip
         
I ran unhide; I think everything is back again.

Regards, Christian

15.06.2011, 08:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

15.06.2011, 17:44   #9
Holzwurm 2



Code:
ComboFix 11-06-15.01 - irarref575 15.06.2011  17:31:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3071.2066 [GMT 2:00]
ausgeführt von:: c:\users\irarref575\Desktop\confi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\irarref575\AppData\Roaming\pcouffin.sys
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-15 bis 2011-06-15  ))))))))))))))))))))))))))))))
.
.
2011-06-15 15:52 . 2011-06-15 15:52	--------	d-----w-	c:\users\irarref575\AppData\Local\temp
2011-06-15 15:52 . 2011-06-15 15:52	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-06-15 15:52 . 2011-06-15 15:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-15 15:21 . 2011-06-15 15:21	--------	d-----w-	c:\users\irarref575\Bilder
2011-06-14 19:39 . 2011-06-14 19:39	--------	d-----w-	C:\_OTL
2011-06-14 07:42 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8855A1BA-9F22-4E81-9C62-B506D6BBAEC8}\mpengine.dll
2011-06-10 14:53 . 2011-06-10 14:53	--------	d-----w-	c:\users\Gast\AppData\Roaming\Malwarebytes
2011-06-10 14:42 . 2011-06-10 14:42	--------	d-----w-	c:\users\irarref575\AppData\Roaming\Malwarebytes
2011-06-10 14:42 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-10 14:42 . 2011-06-10 14:42	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-10 14:42 . 2011-06-10 14:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-10 14:42 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-01 06:18 . 2011-06-01 06:18	--------	d-----w-	c:\users\irarref575\AppData\Roaming\Vso
2011-06-01 06:16 . 2011-06-09 09:05	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-26 08:58 . 2011-05-26 08:58	--------	d-----w-	c:\users\irarref575\AppData\Local\PDF24
2011-05-26 08:58 . 2011-05-26 08:58	--------	d-----w-	c:\program files\PDF24
2011-05-23 21:05 . 2011-06-14 08:20	--------	d-----w-	C:\ifx
2011-05-23 21:05 . 2010-05-12 10:23	16896	----a-w-	c:\windows\system32\drivers\FlashUSB.sys
2011-05-23 21:02 . 2011-05-23 21:02	--------	d-----w-	C:\LG_USB
2011-05-23 20:16 . 2011-05-23 20:16	101248	----a-w-	c:\windows\system32\drivers\avmaudio.sys
2011-05-23 20:16 . 2011-05-23 20:16	32256	----a-w-	c:\windows\system32\MiniInstaller.dll
2011-05-23 20:16 . 2011-05-23 20:16	--------	d-----w-	c:\users\irarref575\AppData\Local\Apps
2011-05-23 20:16 . 2011-06-15 15:16	--------	d-----w-	c:\users\irarref575\AppData\Local\Deployment
2011-05-23 11:44 . 2011-06-14 08:20	--------	d-----w-	c:\users\irarref575\AppData\Roaming\vlc
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 15:15 . 2008-11-10 23:24	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-04-14 03:07 . 2011-05-03 10:45	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-05-02 05:34 . 2011-03-25 19:39	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AVMUSBFernanschluss"="c:\users\irarref575\AppData\Local\Apps\2.0\1CEDPDX9.Z1J\8Q3ZH6PO.5TX\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-05-23 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^irarref575^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 00:25	497648	----a-w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-11-10 23:19	37232	----a-w-	c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-11-10 23:19	33136	----a-w-	c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMFBoxMonitor]
2009-07-06 01:00	1503232	----a-w-	c:\program files\FRITZ!Box Monitor\FRITZBoxMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2011-01-13 07:20	395192	----a-w-	c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 03:52	104936	----a-w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40	687560	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4200 Series]
2005-03-08 04:00	98304	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIAEE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4200 Series (Kopie 1)]
2005-03-08 04:00	98304	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIAEE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir]
2010-08-05 11:49	2436968	----a-w-	c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 18:16	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50	155648	----a-w-	c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 02:11	210216	----a-w-	c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 12:32	1312256	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-04-28 07:59	220552	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-08-03 04:52	778240	----a-w-	c:\program files\P4P\P4P.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f0cf51a7f715;Google Update Service (gupdate1c9f0cf51a7f715);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 133104]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-05 717296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-05-23 101248]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avgntflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 11:15]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 11:15]
.
2010-12-20 c:\windows\Tasks\User_Feed_Synchronization-{DAC806BD-EA5E-43F7-A13C-BF225E18D1DF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\irarref575\AppData\Roaming\Mozilla\Firefox\Profiles\x3t7edo9.default\
FF - prefs.js: browser.startup.homepage - t-online.de
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-FRITZ!protect - FwebProt.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-Steam - d:\spiele\Steam.exe
AddRemove-Asus_Camera_ScreenSaver - c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-15 17:52
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-06-15  17:54:43
ComboFix-quarantined-files.txt  2011-06-15 15:54
.
Vor Suchlauf: 12 Verzeichnis(se), 100.634.177.536 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 100.175.810.560 Bytes frei
.
- - End Of File - - 1604DE7820AF8C8EBAE097AC54575BD0
         
Regards, Christian

15.06.2011, 21:19   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:
Dirlook::
C:\ifx
c:\users\irarref575\AppData\Roaming\Vso

Filelook::
c:\windows\system32\acovcnt.exe
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware/spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

16.06.2011, 06:06   #11
Holzwurm 2



Code:
ComboFix 11-06-15.01 - irarref575 15.06.2011  23:17:34.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3071.2141 [GMT 2:00]
ausgeführt von:: c:\users\irarref575\Desktop\confi.exe
Benutzte Befehlsschalter :: c:\users\irarref575\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-15 bis 2011-06-15  ))))))))))))))))))))))))))))))
.
.
2011-06-15 21:38 . 2011-06-15 21:38	--------	d-----w-	c:\users\irarref575\AppData\Local\temp
2011-06-15 21:38 . 2011-06-15 21:38	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-06-15 21:38 . 2011-06-15 21:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-15 15:21 . 2011-06-15 15:21	--------	d-----w-	c:\users\irarref575\Bilder
2011-06-14 19:39 . 2011-06-14 19:39	--------	d-----w-	C:\_OTL
2011-06-14 07:42 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8855A1BA-9F22-4E81-9C62-B506D6BBAEC8}\mpengine.dll
2011-06-10 14:53 . 2011-06-10 14:53	--------	d-----w-	c:\users\Gast\AppData\Roaming\Malwarebytes
2011-06-10 14:42 . 2011-06-10 14:42	--------	d-----w-	c:\users\irarref575\AppData\Roaming\Malwarebytes
2011-06-10 14:42 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-10 14:42 . 2011-06-10 14:42	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-10 14:42 . 2011-06-10 14:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-10 14:42 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-01 06:18 . 2011-06-01 06:18	--------	d-----w-	c:\users\irarref575\AppData\Roaming\Vso
2011-06-01 06:16 . 2011-06-09 09:05	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-26 08:58 . 2011-05-26 08:58	--------	d-----w-	c:\users\irarref575\AppData\Local\PDF24
2011-05-26 08:58 . 2011-05-26 08:58	--------	d-----w-	c:\program files\PDF24
2011-05-23 21:05 . 2011-06-14 08:20	--------	d-----w-	C:\ifx
2011-05-23 21:05 . 2010-05-12 10:23	16896	----a-w-	c:\windows\system32\drivers\FlashUSB.sys
2011-05-23 21:02 . 2011-05-23 21:02	--------	d-----w-	C:\LG_USB
2011-05-23 20:16 . 2011-05-23 20:16	101248	----a-w-	c:\windows\system32\drivers\avmaudio.sys
2011-05-23 20:16 . 2011-05-23 20:16	32256	----a-w-	c:\windows\system32\MiniInstaller.dll
2011-05-23 20:16 . 2011-05-23 20:16	--------	d-----w-	c:\users\irarref575\AppData\Local\Apps
2011-05-23 20:16 . 2011-06-15 15:16	--------	d-----w-	c:\users\irarref575\AppData\Local\Deployment
2011-05-23 11:44 . 2011-06-14 08:20	--------	d-----w-	c:\users\irarref575\AppData\Roaming\vlc
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 19:04 . 2008-11-10 23:24	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-04-14 03:07 . 2011-05-03 10:45	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-05-02 05:34 . 2011-03-25 19:39	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\acovcnt.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 45056
Created time: 2008-11-10 23:24
Modified time: 2011-06-15 19:04
MD5: 6BCAF46E2B7FA9ACE92B4D39F3037C5C
SHA1: 6D5A81E3CF59832D73F28D6E87F51D073C3E4095
.
---- Directory of C:\ifx ----
.
2011-05-23 21:05 . 2010-05-12 10:23	7602	----a-w-	c:\ifx\flashusb.cat
2011-05-23 21:05 . 2010-03-25 15:02	1852	----a-w-	c:\ifx\FlashUSB.inf
2011-05-23 21:05 . 2010-05-12 10:23	16896	----a-w-	c:\ifx\FlashUsb.sys
2011-05-23 21:05 . 2010-06-17 11:42	253952	----a-w-	c:\ifx\Uninstall.exe
.
---- Directory of c:\users\irarref575\AppData\Roaming\Vso ----
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AVMUSBFernanschluss"="c:\users\irarref575\AppData\Local\Apps\2.0\1CEDPDX9.Z1J\8Q3ZH6PO.5TX\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-05-23 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^irarref575^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 00:25	497648	----a-w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-11-10 23:19	37232	----a-w-	c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-11-10 23:19	33136	----a-w-	c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMFBoxMonitor]
2009-07-06 01:00	1503232	----a-w-	c:\program files\FRITZ!Box Monitor\FRITZBoxMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2011-01-13 07:20	395192	----a-w-	c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 03:52	104936	----a-w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40	687560	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4200 Series]
2005-03-08 04:00	98304	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIAEE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4200 Series (Kopie 1)]
2005-03-08 04:00	98304	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIAEE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir]
2010-08-05 11:49	2436968	----a-w-	c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 18:16	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50	155648	----a-w-	c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 02:11	210216	----a-w-	c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 12:32	1312256	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-04-28 07:59	220552	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-08-03 04:52	778240	----a-w-	c:\program files\P4P\P4P.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f0cf51a7f715;Google Update Service (gupdate1c9f0cf51a7f715);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 133104]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-05 717296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-05-23 101248]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avgntflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 11:15]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 11:15]
.
2010-12-20 c:\windows\Tasks\User_Feed_Synchronization-{DAC806BD-EA5E-43F7-A13C-BF225E18D1DF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\irarref575\AppData\Roaming\Mozilla\Firefox\Profiles\x3t7edo9.default\
FF - prefs.js: browser.startup.homepage - t-online.de
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-15 23:38
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3004)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Zeit der Fertigstellung: 2011-06-15  23:40:27
ComboFix-quarantined-files.txt  2011-06-15 21:40
ComboFix2.txt  2011-06-15 15:54
.
Vor Suchlauf: 13 Verzeichnis(se), 98.035.630.080 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 98.003.214.336 Bytes frei
.
- - End Of File - - 3ABC2AC2AA0FE5CD008FF97BB59A89F9
         
Regards, Christian

16.06.2011, 10:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

17.06.2011, 11:17   #13
Holzwurm 2
 

Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-17 12:13:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9320320AS rev.0303
Running: z26dddcv.exe; Driver: C:\Users\IRARRE~1\AppData\Local\Temp\uxrcipow.sys


---- System - GMER 1.0.15 ----

INT 0x51        ?                                                                                                                    84B92BF8
INT 0x52        ?                                                                                                                    86515BF8
INT 0x62        ?                                                                                                                    86515BF8
INT 0x72        ?                                                                                                                    86515BF8
INT 0xB2        ?                                                                                                                    84B92BF8

---- Kernel code sections - GMER 1.0.15 ----

?               System32\Drivers\spqm.sys                                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                             section is writeable [0x8E002000, 0x1F875A, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                8A75A41B 5 Bytes  JMP 865151D8 
.text           abr4umom.SYS                                                                                                         8EC9D000 22 Bytes  [82, 13, 21, 82, 6C, 12, 21, ...]
.text           abr4umom.SYS                                                                                                         8EC9D017 137 Bytes  [00, 32, 27, 7A, 80, 3D, 25, ...]
.text           abr4umom.SYS                                                                                                         8EC9D0A1 43 Bytes  [60, 2E, 82, 74, 56, 28, 82, ...]
.text           abr4umom.SYS                                                                                                         8EC9D0CE 10 Bytes  [00, 00, 00, 00, 00, 00, 6A, ...]
.text           abr4umom.SYS                                                                                                         8EC9D0DA 12 Bytes  [00, 00, 02, 00, 00, 00, 25, ...]
.text           ...                                                                                                                  

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [806996D2] \SystemRoot\System32\Drivers\spqm.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                             [80699040] \SystemRoot\System32\Drivers\spqm.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                     [806997FC] \SystemRoot\System32\Drivers\spqm.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [806990BE] \SystemRoot\System32\Drivers\spqm.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [8069913C] \SystemRoot\System32\Drivers\spqm.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [806A9048] \SystemRoot\System32\Drivers\spqm.sys
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortNotification]                                           CC000CC2
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortWritePortUchar]                                         83EC8B55
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortWritePortUlong]                                         575320EC
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                     458DFF33
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          8D5750FC
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                   5750F845
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortReadPortUchar]                                          8957046A
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortStallExecution]                                         75E8FC7D
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortGetParentBusType]                                       BB0001E8
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortRequestCallback]                                        000000EA
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  850FC33B
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                   0000012B
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortCompleteRequest]                                        0FFC7D39
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortMoveMemory]                                             00012284
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              458D5600
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                 106A50F4
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                   38335668
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortReadPortUshort]                                         FC75FF36
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                   D1E85757
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortInitialize]                                             8B0001E7
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          1BDEF7F0
IAT             \SystemRoot\System32\Drivers\abr4umom.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      23D6F7F6

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               855291F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                               AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

Device          \FileSystem\fastfat \FatCdrom                                                                                        875FC1F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                 855261F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                     865211F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                     865211F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                     8651C1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                               855261F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                               855261F8
Device          \Driver\cdrom \Device\CdRom0                                                                                         8653E2F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                          855281F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   855281F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   855281F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                   855281F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                          855281F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                               855261F8
Device          \Driver\cdrom \Device\CdRom1                                                                                         8653E2F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                               855261F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                              8679F500
Device          \Driver\PCI_PNP3358 \Device\0000004b                                                                                 spqm.sys
Device          \Driver\Smb \Device\NetbiosSmb                                                                                       86DF31F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                   865A91F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{0F823EC0-F707-4AFE-B0F9-8A306EFB3D98}                                             8679F500
Device          \Driver\usbohci \Device\USBFDO-0                                                                                     865211F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                     865211F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                     8651C1F8
Device          \Driver\sptd \Device\1758438358                                                                                      spqm.sys
Device          \Driver\netbt \Device\NetBT_Tcpip_{4E22DF29-9B64-460B-84F7-11597EB4DD95}                                             8679F500
Device          \Driver\abr4umom \Device\Scsi\abr4umom1                                                                              865AC1F8
Device          \Driver\abr4umom \Device\Scsi\abr4umom1Port4Path0Target0Lun0                                                         865AC1F8
Device          \FileSystem\fastfat \Fat                                                                                             875FC1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                               87A0B1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xB5 0x02 0x53 0x28 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xAE 0x4D 0xF2 0x8F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x99 0x2F 0x0F 0x78 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xB5 0x02 0x53 0x28 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xAE 0x4D 0xF2 0x8F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x99 0x2F 0x0F 0x78 ...

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                                   0 bytes
File            C:\ADSM_PData_0150\DB                                                                                                0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                                          624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                                           512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                                      253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                                              512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                                          0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                                29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                                     512 bytes

---- EOF - GMER 1.0.15 ----
         

17.06.2011, 14:04   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

What about the other logs?

17.06.2011, 15:58   #15
Holzwurm 2
 

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	ASUSTeK Computer Inc.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		ASUSTeK Computer Inc.
System Product Name:		F5SL
Logical Drives Mask:		0x000000ec

Kernel Drivers (total 157):
  0x82212000 \SystemRoot\system32\ntkrnlpa.exe
  0x825CC000 \SystemRoot\system32\hal.dll
  0x80401000 \SystemRoot\system32\kdcom.dll
  0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80478000 \SystemRoot\system32\PSHED.dll
  0x80489000 \SystemRoot\system32\BOOTVID.dll
  0x80491000 \SystemRoot\system32\CLFS.SYS
  0x804D2000 \SystemRoot\system32\CI.dll
  0x80607000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80683000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80690000 \SystemRoot\System32\Drivers\spru.sys
  0x80790000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x80799000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x805B2000 \SystemRoot\system32\drivers\acpi.sys
  0x807BF000 \SystemRoot\system32\drivers\msisadrv.sys
  0x807C7000 \SystemRoot\system32\drivers\pci.sys
  0x807EE000 \SystemRoot\System32\drivers\partmgr.sys
  0x807FD000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8A209000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A213000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A222000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A26C000 \SystemRoot\system32\drivers\pciide.sys
  0x8A273000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8A281000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A291000 \SystemRoot\system32\drivers\atapi.sys
  0x8A299000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A2B7000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A2E9000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A2F9000 \SystemRoot\System32\Drivers\AsDsm.sys
  0x8A303000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8A30D000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8A406000 \SystemRoot\system32\drivers\ndis.sys
  0x8A511000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A53C000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A60C000 \SystemRoot\System32\drivers\tcpip.sys
  0x8A6F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8A80F000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A91F000 \SystemRoot\system32\drivers\wd.sys
  0x8A927000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A960000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A968000 \SystemRoot\System32\Drivers\mup.sys
  0x8A977000 \SystemRoot\System32\drivers\ecache.sys
  0x8A99E000 \SystemRoot\system32\drivers\disk.sys
  0x8A9AF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A9D0000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8A800000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8A711000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8A71A000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
  0x8A722000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8E207000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x8E6D1000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8E771000 \SystemRoot\System32\drivers\watchdog.sys
  0x8E77D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8E790000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
  0x8E792000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8E79D000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8E7CC000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8E7CE000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E7D9000 \SystemRoot\system32\drivers\Afc.sys
  0x8E7E1000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8A731000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x8A73B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8A779000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8A788000 \SystemRoot\system32\DRIVERS\SiSGB6.sys
  0x8EA09000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8EC00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8EC8D000 \SystemRoot\System32\Drivers\avv401bs.SYS
  0x8ECC3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8ECC7000 \SystemRoot\system32\DRIVERS\avmaudio.sys
  0x8ECE0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8ECEB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8ED1A000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8ED5B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8ED72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8ED7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8EDA0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8EDAF000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8EDC3000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8EDD8000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8EDE8000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8EBD6000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8EDEA000 \SystemRoot\system32\DRIVERS\lgbtbus.sys
  0x8EDED000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8A798000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8A7A5000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8A7DA000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8EDF7000 \SystemRoot\system32\DRIVERS\lgvmodem.sys
  0x8A7EB000 \SystemRoot\system32\drivers\modem.sys
  0x8EDFB000 \SystemRoot\system32\DRIVERS\lgbtport.sys
  0x8F000000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8A577000 \SystemRoot\system32\drivers\portcls.sys
  0x8A5A4000 \SystemRoot\system32\drivers\drmk.sys
  0x8F207000 \SystemRoot\system32\DRIVERS\smserial.sys
  0x8F2F7000 \SystemRoot\system32\drivers\MODEMCSA.sys
  0x8F301000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8F30A000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F311000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F321000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8F328000 \SystemRoot\System32\drivers\vga.sys
  0x8F334000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8F355000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8F35D000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8F365000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8F370000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8F37E000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8F387000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8F39D000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8F3B1000 \SystemRoot\system32\drivers\afd.sys
  0x8A5C9000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8A37E000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8F1F2000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8A394000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8F3F9000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8A3A7000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8A600000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8A3E3000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F60E000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8F634000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x8F648000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8F655000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8F660000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x96AC0000 \SystemRoot\System32\win32k.sys
  0x8F668000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F672000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x96CE0000 \SystemRoot\System32\TSDDD.dll
  0x96D00000 \SystemRoot\System32\cdd.dll
  0x96D10000 \SystemRoot\System32\ATMFD.DLL
  0x8F681000 \SystemRoot\system32\drivers\luafv.sys
  0x8F69C000 \SystemRoot\system32\drivers\spsys.sys
  0x8F74C000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8F75C000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8F786000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8F790000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8F7A3000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
  0x9D60F000 \SystemRoot\system32\drivers\HTTP.sys
  0x9D67C000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9D699000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9D6B2000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9D6C7000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9D6E8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9D707000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9D740000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9D758000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9D780000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9D7CF000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x9D7D8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9D7E8000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9EC05000 \SystemRoot\system32\drivers\peauth.sys
  0x9ECE3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9ECF8000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9ED02000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9ED0E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x9ED23000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x9ED35000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x9ED5D000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77760000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 67):
       0 System Idle Process
       4 System
     456 C:\Windows\System32\smss.exe
     588 csrss.exe
     648 C:\Windows\System32\wininit.exe
     660 csrss.exe
     692 C:\Windows\System32\services.exe
     708 C:\Windows\System32\lsass.exe
     732 C:\Windows\System32\winlogon.exe
     768 C:\Windows\System32\lsm.exe
     928 C:\Windows\System32\svchost.exe
     988 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\Ati2evxx.exe
    1128 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\svchost.exe
    1244 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\audiodg.exe
    1332 C:\Windows\System32\SLsvc.exe
    1368 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\svchost.exe
    1576 C:\Windows\System32\Ati2evxx.exe
    1660 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    1672 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    1704 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1780 C:\Windows\System32\spoolsv.exe
    1804 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1816 C:\Windows\System32\svchost.exe
    1856 C:\Windows\System32\taskeng.exe
     536 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     548 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     916 C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    1700 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2064 C:\Windows\System32\svchost.exe
    2120 C:\Windows\System32\svchost.exe
    2168 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    2260 C:\Windows\System32\svchost.exe
    2308 C:\Windows\System32\SearchIndexer.exe
    2644 WUDFHost.exe
    2836 C:\Windows\servicing\TrustedInstaller.exe
    3348 C:\Windows\System32\taskeng.exe
    3444 C:\Windows\System32\taskeng.exe
    3460 C:\Windows\System32\dwm.exe
    3480 C:\Windows\explorer.exe
    3520 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    3572 C:\Program Files\ATKOSD2\ATKOSD2.exe
    3592 C:\Program Files\Wireless Console 2\wcourier.exe
    3600 C:\Program Files\P4G\BatteryLife.exe
    3668 C:\Program Files\ASUS\Splendid\ACMON.exe
    3684 C:\Windows\System32\SearchProtocolHost.exe
    3724 C:\Program Files\ATK Hotkey\HControl.exe
    3844 ACEngSvr.exe
    4092 C:\Program Files\ATK Hotkey\ATKOSD.exe
      12 C:\Program Files\ATK Hotkey\KBFiltr.exe
     688 C:\Windows\System32\ASUSTPE.exe
    2800 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2932 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2472 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2940 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    1060 C:\Windows\ehome\ehtray.exe
    3260 C:\Windows\ehome\ehmsas.exe
    1352 C:\Windows\System32\svchost.exe
     476 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4072 WmiPrvSE.exe
    2792 C:\Windows\System32\wuauclt.exe
    3000 C:\Windows\System32\SearchFilterHost.exe
    1796 C:\Users\irarref575\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`b3aef400  (NTFS)

PhysicalDrive0 Model Number: ST9320320AS, Rev: 0303    

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!
         
Regards, Christian
