PUM.Bad.Proxy im Zusammenhang mit Update-Problematik diverser Programme?

jonmg · 21.09.2011, 17:58

Hallo Forum,

seit geraumer Zeit funktionierte das Updaten unterschiedlichster Software nicht mehr wie gewohnt. Beispielsweise Antivir ließ sich nicht mehr automatisch aktualisieren, sowie auch einige weitere Programme wie der Acrobat Reader, etc. Um diesem Problem auf die Spur zu kommen, habe ich bereits einiges recherchiert, bis ich auf dieses Forum gestoßen bin. In diesem Zusammenhang habe ich mit Malewarebytes einen Scan durchgeführt, der mir den Fund von PUM.Bad.Proxy aufzeigte. Diesen habe ich bereits mit der Software selbst versucht zu bereinigen. Dies gelang nicht, jedoch funktioniert nun das Update von Antivir wieder wie gewohnt und muss nicht mehr manuell getätigt werden.

Nun möchte ich mir gerne helfen lassen, den Schädling wieder richtig loszuwerden und möglichst sicher zu gehen, dass alles wieder in Ordnung ist

Bevor ich mich angemeldet habe, habe ich einiges an Zeit mit diversen Scans verbracht:

OTL.txt

Code:

ATTFilter

OTL logfile created on: 21.09.2011 18:26:40 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,64% Memory free
4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 100,12 Gb Free Space | 45,23% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 2,15 Gb Free Space | 18,69% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\7-Zip\7-zip.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (hpqcxs08) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.25
FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.04 20:40:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.02.18 15:51:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.15 13:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.21 15:25:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.04 20:40:15 | 000,000,000 | ---D | M]
 
[2008.08.27 19:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.07.24 14:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions
[2008.10.16 17:45:12 | 000,000,000 | ---D | M] ("Restore Scroll Position") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\{19492deb-bec0-4211-82bc-4383133521d0}
[2010.04.29 15:38:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.12 18:26:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.24 15:35:31 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2009.08.10 22:54:11 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\moveplayer@movenetworks.com
[2011.04.04 09:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JB9DAL8K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.09.15 13:13:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.21 17:34:48 | 000,438,248 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.163ns.com
O1 - Hosts: 15075 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - Reg Error: Value error. File not found
O8 - Extra context menu item: Save YouTube Video - Reg Error: Value error. File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ6.5\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ6.5\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE6BFA98-E137-457E-AE76-C20F4ED7FB5D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC3A04A0-F023-46A4-B61A-61A52850D1EC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\Pictures\***.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\***.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\Shell - "" = AutoRun
O33 - MountPoints2\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{7e71569a-d7ea-11dc-b598-001e6800b02e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe KUNST.vbs
O33 - MountPoints2\{8982f7fd-40b7-11de-aecd-001e6800b02e}\Shell - "" = AutoRun
O33 - MountPoints2\{8982f7fd-40b7-11de-aecd-001e6800b02e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.21 11:23:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.09.21 11:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.21 11:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.21 11:23:15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.21 11:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.15 22:48:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ibiza Urlaub
[2011.09.05 04:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2011.09.05 04:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2011.09.05 04:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011.09.05 04:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011.09.05 03:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2011.09.04 23:03:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.08.26 19:09:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.08.26 19:03:04 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2011.08.26 18:55:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\gegl-0.0
[2011.08.26 18:55:00 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.6
[2011.08.26 18:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.08.26 18:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2009.11.09 17:10:38 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe448E.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.21 17:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.21 17:34:48 | 000,438,248 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.09.21 17:24:04 | 000,438,248 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110921-173448.backup
[2011.09.21 17:19:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 17:19:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 16:50:36 | 000,436,293 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110921-172404.backup
[2011.09.21 16:50:06 | 000,436,293 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110921-165036.backup
[2011.09.21 16:04:35 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.09.21 15:37:01 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.09.21 15:37:01 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.09.21 13:43:31 | 000,043,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.21 13:43:31 | 000,015,752 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.21 13:43:31 | 000,007,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.21 13:43:31 | 000,005,348 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.21 12:59:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.21 11:23:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.21 09:20:44 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.09.21 09:20:26 | 000,027,335 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2011.09.21 09:19:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.21 09:19:24 | 2146,394,112 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.19 23:03:40 | 001,595,641 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2011.09.19 11:28:57 | 000,003,340 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2011.09.06 00:47:56 | 000,259,440 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2011.09.05 03:47:16 | 000,000,192 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2011.09.05 03:43:52 | 000,039,424 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.05 03:31:57 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.26 18:54:46 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.08.25 19:29:06 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.21 16:04:35 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.09.21 11:23:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.19 23:03:40 | 001,595,641 | ---- | C] () -- C:\Users\***\Desktop\Pädagogik-Klausurfragen0001.pdf
[2011.09.19 11:28:57 | 000,003,340 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.09.06 00:47:52 | 000,259,440 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2011.09.05 04:18:49 | 000,006,200 | ---- | C] () -- C:\Windows\System32\INT13EXT.VXD
[2011.08.26 18:54:46 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.07.17 14:30:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.06.07 16:56:22 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.10.04 20:27:13 | 000,217,388 | ---- | C] () -- C:\Windows\hpoins46.dat
[2009.08.18 20:48:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.18 20:48:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.18 20:48:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.11 05:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009.05.19 23:51:46 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2009.04.12 02:54:04 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2008.07.14 00:58:42 | 000,007,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.02.17 02:59:30 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2008.02.11 23:20:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.02.09 17:10:45 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.07 20:49:13 | 000,039,424 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.07 20:38:27 | 000,000,192 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.02.07 20:26:37 | 000,027,335 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.02.07 20:24:53 | 000,027,335 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.01.10 08:05:20 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.01.10 08:00:57 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007.10.24 17:37:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.10.24 17:37:51 | 000,043,730 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.10.24 17:37:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.24 17:37:51 | 000,015,752 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,379,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:33:01 | 000,007,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,005,348 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.08.15 12:26:30 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxazih.exe
[2002.08.15 12:26:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxazlcnp.dll
[2002.08.15 12:26:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.07.16 13:46:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2009.10.08 21:42:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2010.08.12 18:26:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.31 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.09.21 11:18:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2008.07.01 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQLite
[2010.08.12 19:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2008.12.09 16:13:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP
[2011.02.18 19:00:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2009.09.21 13:17:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp
[2008.02.07 20:38:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.09.21 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2011.09.20 23:45:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extra.txt

Code:

ATTFilter

OTL Extras logfile created on: 21.09.2011 16:16:07 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,33% Memory free
4,23 Gb Paging File | 3,09 Gb Available in Paging File | 73,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 99,95 Gb Free Space | 45,15% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 2,15 Gb Free Space | 18,69% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3081651487-471574012-991591674-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F49504-9DCE-4529-856E-9612B340658A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0E3E44FE-40E3-497C-837B-2837FD1935FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{B2EEA14D-A39B-4479-80AB-C7DDFA9B2183}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DDC398-FF99-4E2B-8EC3-E93E31628ACD}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"{06A9CCA1-E0DE-4BDF-87BC-486119C1DED5}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{06E7E775-89E9-410D-8D5D-726D520B31DC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe | 
"{0FFD5ABE-9BB4-4873-8EA3-DE25FAA90BED}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{112E062A-3EA5-4682-84F6-80C2EEB0C801}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe | 
"{19F2A36C-FA8F-445C-A90E-86CA8F6474C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{292374C8-0CDE-43E3-ADE6-9F0B204028D8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe | 
"{2B9C5D94-D273-4DDC-94C9-5A71F8B566EB}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"{2C3AC89C-1BD9-47E9-AB76-2F58E1129FC0}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe | 
"{472C4E9A-DE99-4C98-85B9-688918600F6D}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | 
"{4C34D963-3987-4EFD-A067-0B4B3DF66B41}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{4E4DE71B-0E1D-45B0-8441-0C90907314E2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgh.exe | 
"{55E9053C-8370-4949-8952-CEA983292920}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{5C1BDBCD-A111-4618-90CA-9FDBEE4144C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{63C70CE5-794E-4710-846F-D12614A55C95}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\smart web printing\smartwebprintexe.exe | 
"{65076D90-E8CF-45CC-A013-A167D76022E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{66C03272-7BBE-4A0B-87B1-8EA2FBC68BC3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{671D7A7F-93A6-4863-A19B-549864A30771}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{6AFDB053-D245-4B5A-9F24-C1B5649DD665}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\update.exe | 
"{6C9677C2-690B-49A8-ACF8-ED8DC02F0708}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{77FB49AB-9245-4CF9-BF56-5194BDFD70F8}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | 
"{82BD6292-3753-4C8C-B85B-84D9D47E3E86}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{86D3A2F2-8B2F-4DD0-808F-AC49F59AB428}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgm.exe | 
"{98DF1619-8B2F-4612-9670-440D03031E4F}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\update.exe | 
"{A24120C5-178E-4D6E-8369-AA4774DA4DAC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqcopy2.exe | 
"{A603A047-F3EC-46D4-99DB-552BA7A394BA}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe | 
"{AEDD4483-6983-4A50-960D-FDB9C930B85E}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe | 
"{B13C0495-61D8-4BA5-9ECF-49285C8AB4E6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B4D549DA-FBD3-48E9-9221-0672B5FB1772}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{C2966E71-9258-4983-A07A-7A984ED28EF4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | 
"{CBCE38E8-CB1A-485F-9849-AC5286B6245C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{CE12EEFA-D11B-4EFC-80E9-1205721D56D7}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{D5D27ECD-3096-4E0E-A421-3324A2BC88D0}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe | 
"{D81DCF4F-D3B7-40C9-8186-03D27A64E629}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{D8B450F8-5D11-41BC-9C80-015630442AAF}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | 
"{DFE8D8AB-2D87-415C-886A-B062EF79CEB0}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe | 
"{E81EFE11-0E64-4B6B-84AD-49CA08137DA4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | 
"{F96EB83C-959F-46B5-A168-3B373018A0BE}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe | 
"{FA4568A6-2C12-4209-9CA9-0E5BA99EE8DA}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | 
"{FC192219-3B52-4A65-8D92-2F684767F1F7}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{F5ACBED1-B52C-45BB-A6D2-B2C25E7E72D1}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{35660676-F707-4B81-8532-B4A0A79ABE9F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = Die Sims™ Lebensgeschichten
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{8933F004-2CEB-4656-A2E7-E27CE66E082D}" = Fathom 2
"{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91244C78-951F-457C-B7E5-1447A3F79238}_is1" = ANSTOSS 4 Edition 03-04 1.7
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7B4C7E0-078F-42D6-90B2-001400795416}" = NWZ-S750 WALKMAN Guide
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CCC66778-C62B-D147-A3AC-B6E2FAA61715}" = Fragen-Lern-CD 4.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"7-Zip" = 7-Zip 4.32
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AskPBar Uninstall" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cinderella 1.4" = Cinderella 1.4
"Cinderella 2.0" = Cinderella 2.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CyberGhost VPN_is1" = CyberGhost VPN
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Funkyplot_is1" = Funkyplot 1.1.0-pre1
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"Google Updater" = Google Updater
"Handballparty 7m Action 1.0" = Handballparty 7m Action 1.0
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Pacific Hawk" = Pacific Hawk 1.0
"PDF Editor 2" = PDF Editor 2
"PokerStars" = PokerStars
"QIP 2005 8095 Jeak-Edition" = QIP 2005 8095 Jeak-Edition
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"XMedia Recode" = XMedia Recode 2.2.3.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra WebStart" = GeoGebra WebStart
"QIP Infium" = QIP Infium 2.0.9030 RC4
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.09.2011 05:24:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.09.2011 05:24:41 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.09.2011 09:22:34 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.09.2011 09:22:44 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.09.2011 09:38:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.09.2011 09:38:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.09.2011 09:39:22 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.09.2011 09:39:32 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.09.2011 09:40:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.09.2011 09:40:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 25.11.2010 08:26:48 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 3454 seconds with 780 seconds of active time.  This session ended with a 
crash.
 
[ System Events ]
Error - 20.09.2011 09:27:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.09.2011 10:57:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.09.2011 10:57:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.09.2011 15:48:07 | Computer Name = ***-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001E6800B02E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1168. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 20.09.2011 16:02:08 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.100 für die Netzwerkkarte mit der Netzwerkadresse
 001E4CA63D35 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 21.09.2011 03:20:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.09.2011 03:20:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 21.09.2011 09:23:45 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 21.09.2011 09:23:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 21.09.2011 09:23:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

GMER.txt

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-21 18:14:36
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHY2250BH rev.890B
Running: 5qvdojir.exe; Driver: C:\Users\***\AppData\Local\Temp\kgloypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys  section is writeable [0x8C00C360, 0x35B0A2, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1   Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Malware.txt

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7761

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

21.09.2011 16:08:59
mbam-log-2011-09-21 (16-08-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Durchsuchte Objekte: 397481
Laufzeit: 2 Stunde(n), 7 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

In der Hoffnung nichts vergessen und alles richtig gemacht zu haben, verbleibe ich mit vielen Grüßen und freue mich über jegliche Hilfestellung,

jonmg

cosinus · 21.09.2011, 21:18

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

jonmg · 21.09.2011, 23:16

Habe nur noch einen vorherigen Log, da ich die Software leider erst seit heute nutze:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7761

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

21.09.2011 11:59:12
mbam-log-2011-09-21 (11-59-12).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 171874
Laufzeit: 7 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Etwas irritiert hat mich dann noch folgende Meldung von Antivir:

Code:

ATTFilter

Exportierte Ereignisse:

21.09.2011 19:40 [Guard] Malware gefunden
      In der Datei 'C:\Program Files\EA SPORTS\FUSSBALL MANAGER 08\Manager08.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Code:

ATTFilter

Exportierte Ereignisse:

21.09.2011 20:07 [Scanner] Malware gefunden
      Die Datei 'C:\Program Files\EA SPORTS\FUSSBALL MANAGER 08\Manager08.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a518bf0.qua' 
      verschoben!

Scheint doch noch etwas mehr befallen zu sein?

cosinus · 21.09.2011, 23:23

Zitat:

21.09.2011 20:07 [Scanner] Malware gefunden
Die Datei 'C:\Program Files\EA SPORTS\FUSSBALL MANAGER 08\Manager08.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan].

Aus welcher Quelle ist dieses Spiel? Original-DVD? Ich frag nach um einzuordnen ob es ein Fehlalarm ist.

jonmg · 21.09.2011, 23:36

Das Spiel war von einer Original DVD und wurde ungefähr vor drei-vier Jahren installiert und schon eine ganze Weile nicht mehr angerührt. Spricht das nun für eine mögliche Fehlermeldung oder nicht? ;-)

cosinus · 21.09.2011, 23:54

Wenn dem so ist, ist das sehr sicher ein Fehlalarm

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

jonmg · 22.09.2011, 13:55

Hier der Inhalt der log.txt:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e069dc70718f684fac6088993f8d1b47
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-22 11:00:10
# local_time=2011-09-22 01:00:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 43619956 43619956 0 0
# compatibility_mode=1797 16775165 100 94 50955 53209480 58052 0
# compatibility_mode=5892 16776573 100 100 151905 154210345 0 0
# compatibility_mode=8192 67108863 100 0 1082 1082 0 0
# scanned=241439
# found=0
# cleaned=0
# scan_time=11592

cosinus · 22.09.2011, 15:01

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\Shell - "" = AutoRun
O33 - MountPoints2\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{7e71569a-d7ea-11dc-b598-001e6800b02e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe KUNST.vbs
O33 - MountPoints2\{8982f7fd-40b7-11de-aecd-001e6800b02e}\Shell - "" = AutoRun
O33 - MountPoints2\{8982f7fd-40b7-11de-aecd-001e6800b02e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

jonmg · 22.09.2011, 15:19

Ok, hier das Logfile vom OTL-Fix:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e71569a-d7ea-11dc-b598-001e6800b02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e71569a-d7ea-11dc-b598-001e6800b02e}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe KUNST.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8982f7fd-40b7-11de-aecd-001e6800b02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8982f7fd-40b7-11de-aecd-001e6800b02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8982f7fd-40b7-11de-aecd-001e6800b02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8982f7fd-40b7-11de-aecd-001e6800b02e}\ not found.
File G:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41085 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 55937465 bytes
->Temporary Internet Files folder emptied: 13001039 bytes
->Java cache emptied: 122063356 bytes
->FireFox cache emptied: 42950353 bytes
->Flash cache emptied: 2888121 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 25106 bytes
RecycleBin emptied: 2961862 bytes
 
Total Files Cleaned = 229,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.29.1 log created on 09222011_160924

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

Falls es nicht zu kompliziert ist, was habe ich den da nun eigentlich gemacht?

cosinus · 22.09.2011, 15:22

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

jonmg · 22.09.2011, 15:32

Code:

ATTFilter

2011/09/22 16:28:42.0423 0776	TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 16:28:42.0672 0776	================================================================================
2011/09/22 16:28:42.0672 0776	SystemInfo:
2011/09/22 16:28:42.0672 0776	
2011/09/22 16:28:42.0672 0776	OS Version: 6.0.6002 ServicePack: 2.0
2011/09/22 16:28:42.0672 0776	Product type: Workstation
2011/09/22 16:28:42.0672 0776	ComputerName: ***-PC
2011/09/22 16:28:42.0672 0776	UserName: ***
2011/09/22 16:28:42.0672 0776	Windows directory: C:\Windows
2011/09/22 16:28:42.0672 0776	System windows directory: C:\Windows
2011/09/22 16:28:42.0672 0776	Processor architecture: Intel x86
2011/09/22 16:28:42.0672 0776	Number of processors: 2
2011/09/22 16:28:42.0672 0776	Page size: 0x1000
2011/09/22 16:28:42.0672 0776	Boot type: Normal boot
2011/09/22 16:28:42.0672 0776	================================================================================
2011/09/22 16:28:43.0873 0776	Initialize success
2011/09/22 16:28:52.0500 0212	================================================================================
2011/09/22 16:28:52.0500 0212	Scan started
2011/09/22 16:28:52.0500 0212	Mode: Manual; 
2011/09/22 16:28:52.0500 0212	================================================================================
2011/09/22 16:28:53.0046 0212	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/22 16:28:53.0140 0212	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/09/22 16:28:53.0233 0212	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/09/22 16:28:53.0358 0212	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/09/22 16:28:53.0452 0212	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/09/22 16:28:53.0592 0212	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/22 16:28:53.0655 0212	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/09/22 16:28:53.0795 0212	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/22 16:28:53.0873 0212	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/09/22 16:28:53.0935 0212	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/09/22 16:28:54.0013 0212	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/09/22 16:28:54.0138 0212	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/09/22 16:28:54.0232 0212	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/22 16:28:54.0310 0212	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/09/22 16:28:54.0388 0212	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/09/22 16:28:54.0544 0212	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/22 16:28:54.0653 0212	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/09/22 16:28:54.0715 0212	athr            (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys
2011/09/22 16:28:54.0871 0212	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/22 16:28:54.0949 0212	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/22 16:28:55.0043 0212	BCM43XV         (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/09/22 16:28:55.0230 0212	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/22 16:28:55.0386 0212	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/22 16:28:55.0449 0212	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/22 16:28:55.0558 0212	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/22 16:28:55.0636 0212	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/22 16:28:55.0714 0212	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/22 16:28:55.0792 0212	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/22 16:28:55.0854 0212	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/22 16:28:55.0979 0212	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/22 16:28:56.0229 0212	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/22 16:28:56.0291 0212	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/22 16:28:56.0400 0212	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/09/22 16:28:56.0541 0212	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/22 16:28:56.0634 0212	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/22 16:28:56.0712 0212	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/09/22 16:28:56.0821 0212	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/22 16:28:56.0899 0212	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/09/22 16:28:56.0977 0212	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/09/22 16:28:57.0118 0212	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/22 16:28:57.0227 0212	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/22 16:28:57.0367 0212	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/09/22 16:28:57.0430 0212	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/09/22 16:28:57.0477 0212	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/09/22 16:28:57.0586 0212	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/22 16:28:57.0726 0212	DXGKrnl         (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/22 16:28:57.0835 0212	E100B           (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/09/22 16:28:57.0929 0212	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/22 16:28:58.0085 0212	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/22 16:28:58.0225 0212	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/09/22 16:28:58.0366 0212	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/22 16:28:58.0491 0212	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/22 16:28:58.0584 0212	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/22 16:28:58.0693 0212	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/22 16:28:58.0771 0212	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/22 16:28:58.0881 0212	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/22 16:28:58.0990 0212	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/22 16:28:59.0068 0212	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/22 16:28:59.0130 0212	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/22 16:28:59.0255 0212	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/09/22 16:28:59.0317 0212	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/09/22 16:28:59.0427 0212	HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
2011/09/22 16:28:59.0551 0212	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/22 16:28:59.0661 0212	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/22 16:28:59.0723 0212	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/09/22 16:28:59.0848 0212	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/22 16:28:59.0926 0212	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/09/22 16:29:00.0051 0212	HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/09/22 16:29:00.0097 0212	HpqRemHid       (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2011/09/22 16:29:00.0191 0212	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/09/22 16:29:00.0300 0212	HSF_DPV         (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/09/22 16:29:00.0487 0212	HSXHWAZL        (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/09/22 16:29:00.0581 0212	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/22 16:29:00.0690 0212	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/09/22 16:29:00.0815 0212	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/22 16:29:00.0924 0212	ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/09/22 16:29:01.0111 0212	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/09/22 16:29:01.0314 0212	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/22 16:29:01.0455 0212	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/09/22 16:29:01.0533 0212	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/22 16:29:01.0657 0212	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/22 16:29:01.0798 0212	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/22 16:29:01.0891 0212	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/22 16:29:02.0001 0212	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/22 16:29:02.0110 0212	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/09/22 16:29:02.0203 0212	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/22 16:29:02.0266 0212	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/22 16:29:02.0344 0212	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/22 16:29:02.0484 0212	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/22 16:29:02.0578 0212	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/22 16:29:02.0703 0212	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/22 16:29:02.0859 0212	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/22 16:29:03.0015 0212	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/22 16:29:03.0093 0212	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/22 16:29:03.0202 0212	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/22 16:29:03.0311 0212	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/22 16:29:03.0451 0212	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/09/22 16:29:03.0529 0212	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/09/22 16:29:03.0639 0212	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/22 16:29:03.0732 0212	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/22 16:29:03.0841 0212	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/22 16:29:03.0904 0212	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/22 16:29:03.0997 0212	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/22 16:29:04.0075 0212	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/09/22 16:29:04.0200 0212	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/22 16:29:04.0294 0212	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/22 16:29:04.0403 0212	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/22 16:29:04.0512 0212	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/22 16:29:04.0621 0212	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/22 16:29:04.0699 0212	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/22 16:29:04.0762 0212	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/09/22 16:29:04.0824 0212	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/09/22 16:29:04.0965 0212	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/22 16:29:05.0074 0212	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/22 16:29:05.0167 0212	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/22 16:29:05.0277 0212	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/22 16:29:05.0355 0212	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/22 16:29:05.0464 0212	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/22 16:29:05.0573 0212	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/22 16:29:05.0651 0212	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/22 16:29:05.0729 0212	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/22 16:29:05.0838 0212	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/22 16:29:05.0947 0212	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/22 16:29:06.0041 0212	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/22 16:29:06.0150 0212	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/22 16:29:06.0259 0212	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/22 16:29:06.0353 0212	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/22 16:29:06.0400 0212	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/22 16:29:06.0540 0212	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/22 16:29:06.0665 0212	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/22 16:29:06.0759 0212	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/22 16:29:06.0837 0212	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/22 16:29:06.0993 0212	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/22 16:29:07.0164 0212	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/22 16:29:07.0242 0212	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/22 16:29:07.0398 0212	NVENETFD        (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/09/22 16:29:07.0710 0212	nvlddmkm        (442eac1b12acf1bad6f1224167e034c8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/22 16:29:08.0038 0212	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/09/22 16:29:08.0131 0212	nvsmu           (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/09/22 16:29:08.0194 0212	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/09/22 16:29:08.0272 0212	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/09/22 16:29:08.0490 0212	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/22 16:29:08.0599 0212	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/22 16:29:08.0693 0212	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/22 16:29:08.0771 0212	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/22 16:29:08.0880 0212	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/22 16:29:08.0989 0212	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/09/22 16:29:09.0067 0212	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/09/22 16:29:09.0208 0212	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/22 16:29:09.0411 0212	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/22 16:29:09.0504 0212	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/09/22 16:29:09.0645 0212	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/22 16:29:09.0738 0212	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/09/22 16:29:09.0894 0212	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/22 16:29:10.0050 0212	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/22 16:29:10.0128 0212	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/22 16:29:10.0237 0212	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/22 16:29:10.0347 0212	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/22 16:29:10.0456 0212	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/22 16:29:10.0565 0212	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/22 16:29:10.0674 0212	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/22 16:29:10.0783 0212	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/09/22 16:29:10.0861 0212	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/22 16:29:10.0955 0212	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/22 16:29:11.0049 0212	rimmptsk        (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/09/22 16:29:11.0111 0212	rimsptsk        (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/09/22 16:29:11.0189 0212	rismxdp         (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/09/22 16:29:11.0298 0212	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/22 16:29:11.0376 0212	s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/09/22 16:29:11.0470 0212	s1018bus        (a4925151f1372a45dd491da2a43c27b8) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/09/22 16:29:11.0548 0212	s1018mdfl       (dd17284beb4301aabc6181fd2c78907f) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/09/22 16:29:11.0641 0212	s1018mdm        (aee74bfe0903c672c2968dfe22df09b8) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/09/22 16:29:11.0735 0212	s1018mgmt       (fe8f006bb157f1f1b6627c39b640f62d) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/09/22 16:29:11.0829 0212	s1018nd5        (bc12a5da59d947fc564a72ef6021aaec) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/09/22 16:29:11.0891 0212	s1018obex       (80f0597a1ceb93aaf5db779068dd702c) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/09/22 16:29:11.0985 0212	s1018unic       (2ba5f7a26fcb975574b0142b5052685e) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/09/22 16:29:12.0125 0212	s1039bus        (20eb79fd0a13a18b70b6731a1285ca94) C:\Windows\system32\DRIVERS\s1039bus.sys
2011/09/22 16:29:12.0219 0212	s1039mdfl       (58780c6c3ad51da84b57d6ae42dc49ca) C:\Windows\system32\DRIVERS\s1039mdfl.sys
2011/09/22 16:29:12.0297 0212	s1039mdm        (1ff8b42d1346133a945b52876376ed40) C:\Windows\system32\DRIVERS\s1039mdm.sys
2011/09/22 16:29:12.0390 0212	s1039mgmt       (f64c13c549cb4732fe99c771fa35d038) C:\Windows\system32\DRIVERS\s1039mgmt.sys
2011/09/22 16:29:12.0499 0212	s1039nd5        (ec22d9baa464a892c0637982b67292e6) C:\Windows\system32\DRIVERS\s1039nd5.sys
2011/09/22 16:29:12.0593 0212	s1039obex       (69e9ce002e7249e61ff2ea1336c71d89) C:\Windows\system32\DRIVERS\s1039obex.sys
2011/09/22 16:29:12.0687 0212	s1039unic       (482dfb3721a0de11cc22b439d17c348c) C:\Windows\system32\DRIVERS\s1039unic.sys
2011/09/22 16:29:12.0811 0212	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/22 16:29:12.0999 0212	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/09/22 16:29:13.0061 0212	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/22 16:29:13.0139 0212	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/09/22 16:29:13.0233 0212	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/22 16:29:13.0357 0212	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/22 16:29:13.0467 0212	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/22 16:29:13.0591 0212	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/22 16:29:13.0701 0212	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/22 16:29:13.0810 0212	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/22 16:29:13.0872 0212	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/22 16:29:13.0966 0212	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/09/22 16:29:14.0106 0212	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/09/22 16:29:14.0169 0212	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/09/22 16:29:14.0293 0212	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/22 16:29:14.0403 0212	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/22 16:29:14.0527 0212	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/22 16:29:14.0668 0212	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/22 16:29:14.0746 0212	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/22 16:29:14.0886 0212	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/22 16:29:14.0980 0212	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/22 16:29:15.0151 0212	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/22 16:29:15.0245 0212	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/22 16:29:15.0323 0212	SynTP           (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/22 16:29:15.0432 0212	tap0901         (fc73b46c3c76c9f1f7ec82749c0c48f3) C:\Windows\system32\DRIVERS\tap0901.sys
2011/09/22 16:29:15.0526 0212	Tcpip           (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys
2011/09/22 16:29:15.0697 0212	Tcpip6          (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/22 16:29:15.0760 0212	tcpipreg        (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/22 16:29:15.0838 0212	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/22 16:29:15.0916 0212	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/22 16:29:16.0056 0212	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/22 16:29:16.0165 0212	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/22 16:29:16.0290 0212	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/22 16:29:16.0368 0212	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/22 16:29:16.0493 0212	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/22 16:29:16.0587 0212	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/09/22 16:29:16.0680 0212	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/22 16:29:16.0758 0212	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/22 16:29:16.0883 0212	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/09/22 16:29:16.0992 0212	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/22 16:29:17.0070 0212	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/22 16:29:17.0179 0212	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/22 16:29:17.0304 0212	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/22 16:29:17.0382 0212	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/22 16:29:17.0460 0212	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/22 16:29:17.0569 0212	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/22 16:29:17.0647 0212	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/22 16:29:17.0741 0212	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/22 16:29:17.0835 0212	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/22 16:29:17.0913 0212	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/22 16:29:17.0975 0212	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/22 16:29:18.0100 0212	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/22 16:29:18.0225 0212	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/22 16:29:18.0303 0212	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/22 16:29:18.0381 0212	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/09/22 16:29:18.0490 0212	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/09/22 16:29:18.0583 0212	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/09/22 16:29:18.0661 0212	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/22 16:29:18.0771 0212	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/22 16:29:18.0895 0212	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/22 16:29:18.0989 0212	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/09/22 16:29:19.0098 0212	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/22 16:29:19.0192 0212	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/22 16:29:19.0207 0212	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/22 16:29:19.0317 0212	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/22 16:29:19.0426 0212	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/22 16:29:19.0660 0212	winachsf        (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/09/22 16:29:19.0847 0212	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/22 16:29:19.0956 0212	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/22 16:29:20.0050 0212	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/22 16:29:20.0190 0212	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/22 16:29:20.0284 0212	XAudio          (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
2011/09/22 16:29:20.0362 0212	MBR (0x1B8)     (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
2011/09/22 16:29:20.0393 0212	Boot (0x1200)   (24c9523d14b704d2236e5ff2b1b45e45) \Device\Harddisk0\DR0\Partition0
2011/09/22 16:29:20.0409 0212	Boot (0x1200)   (7d4780d34bc4c0f86c07e44981dd3358) \Device\Harddisk0\DR0\Partition1
2011/09/22 16:29:20.0424 0212	================================================================================
2011/09/22 16:29:20.0424 0212	Scan finished
2011/09/22 16:29:20.0424 0212	================================================================================
2011/09/22 16:29:20.0440 0880	Detected object count: 0
2011/09/22 16:29:20.0440 0880	Actual detected object count: 0

cosinus · 22.09.2011, 15:37

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

jonmg · 22.09.2011, 17:44

Code:

ATTFilter

ComboFix 11-09-21.04 - *** 22.09.2011  18:13:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1290 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe448E.dll
c:\windows\IsUn0407.exe
c:\windows\system32\KBL.LOG
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-22 bis 2011-09-22  ))))))))))))))))))))))))))))))
.
.
2011-09-22 16:22 . 2011-09-22 16:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-22 14:09 . 2011-09-22 14:09	--------	d-----w-	C:\_OTL
2011-09-22 07:28 . 2011-09-22 07:28	--------	d-----w-	c:\program files\ESET
2011-09-21 19:26 . 2011-09-21 19:26	--------	d-----w-	c:\users\***\AppData\Local\DDMSettings
2011-09-21 09:23 . 2011-09-21 09:23	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-09-21 09:23 . 2011-09-21 09:23	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-21 09:23 . 2011-09-21 14:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-09-21 09:23 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-20 13:35 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B03FDFF-83D5-4F5A-8830-BD27B46BBF1D}\mpengine.dll
2011-09-05 17:04 . 2011-09-05 17:04	183696	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04	183696	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-09-05 02:18 . 2011-09-05 02:18	--------	d-----w-	c:\program files\PC Inspector File Recovery
2011-09-05 02:12 . 2011-09-05 02:12	--------	d-----w-	c:\program files\Recuva
2011-09-04 21:03 . 2011-09-04 21:03	--------	d-----w-	c:\windows\Sun
2011-08-26 17:09 . 2011-08-31 18:12	--------	d-----w-	c:\users\***\AppData\Roaming\gtk-2.0
2011-08-26 17:03 . 2011-08-26 17:03	--------	d-----w-	c:\users\***\.thumbnails
2011-08-26 16:55 . 2011-09-19 09:31	--------	d-----w-	c:\users\***\.gimp-2.6
2011-08-26 16:53 . 2011-08-26 16:53	--------	d-----w-	c:\program files\GIMP-2.0
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 13:37 . 2011-07-15 19:22	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-09-21 13:37 . 2011-07-15 19:22	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-07-23 11:04 . 2011-08-11 13:01	916480	----a-w-	c:\windows\system32\wininet.dll
2011-07-23 11:00 . 2011-08-11 13:01	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-07-23 10:59 . 2011-08-11 13:01	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-07-23 10:59 . 2011-08-11 13:01	109056	----a-w-	c:\windows\system32\iesysprep.dll
2011-07-23 10:59 . 2011-08-11 13:01	71680	----a-w-	c:\windows\system32\iesetup.dll
2011-07-23 10:03 . 2011-08-11 13:01	385024	----a-w-	c:\windows\system32\html.iec
2011-07-23 09:27 . 2011-08-11 13:01	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2011-07-23 09:25 . 2011-08-11 13:01	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-22 20:51 . 2011-07-22 20:51	94208	----a-w-	c:\windows\system32\dpl100.dll
2011-07-17 12:52 . 2011-07-17 12:52	1409	----a-w-	c:\windows\QTFont.for
2011-07-11 13:25 . 2011-08-24 09:09	2048	----a-w-	c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-11 13:01	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-09-15 11:13 . 2011-04-04 07:52	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-8 110592]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 14:10	1783136	----a-w-	c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-03-10 18:14	119608	----a-w-	c:\program files\ICQ6.5\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-06-03 13:08	21718312	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41	434176	----a-w-	c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-08 22:42	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3081651487-471574012-991591674-1000]
"EnableNotificationsRef"=dword:00000002
.
R1 ntiomin;ntiomin; [x]
R2 gupdate1c9a03f452e0f4d;Google Update Service (gupdate1c9a03f452e0f4d);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-05-30 13224]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2009-11-19 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2009-11-19 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2009-11-19 123504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2008-02-05 1931776]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 22:43]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 22:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar-Suche
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren
IE: Save YouTube Video
IE: Save YouTube Video as MP3
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ6.5\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jb9dal8k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3081651487-471574012-991591674-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3a,0c,d6,2f,79,e1,bd,54,fd,88,14,05,e5,56,dd,92,bd,8c,db,d1,0f,fb,be,
   cc,9b,ca,ab,35,e5,8b,f9,66,18,ba,e7,48,59,c0,ab,6d,83,e8,03,8c,03,43,14,b2,\
"??"=hex:46,50,68,ed,a4,9a,97,73,17,79,95,e7,b1,01,35,9c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1fcd7740-46c6-4c8a-8e9b-354f5bab02ea}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{28334827-7b80-4bb6-8eaf-ed54843cddaf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e0016d3
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2c09a77f-d870-46bc-bfef-a9fa4a93abfd}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:20000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ae6bfa98-e137-457e-ae76-c20f4ed7fb5d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11001e4c
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bd940a36-46be-4af0-9366-3031d65a0d69}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d00ffbd
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c9fc89ee-4e39-4eac-a83f-61b5bb4987c5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:21000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{cc3a04a0-f023-46a4-b61a-61a52850d1ec}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001b24
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{da79be66-ee16-4b94-9946-4e40dc60181e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{dde68d00-b487-4109-bacb-06356019e2e0}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:13000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2360)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-22  18:36:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-22 16:36
.
Vor Suchlauf: 11 Verzeichnis(se), 107.218.763.776 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 106.968.887.296 Bytes frei
.
- - End Of File - - 9D35301E61324B71EFB8D870298F5FBB

cosinus · 22.09.2011, 20:43

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

jonmg · 23.09.2011, 07:41

Gmer.txt

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-22 22:54:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHY2250BH rev.890B
Running: n3er44ok.exe; Driver: C:\Users\***\AppData\Local\Temp\kgloypow.sys


---- System - GMER 1.0.15 ----

SSDT            8CFBBE76                                                                                                                ZwCreateSection
SSDT            8CFBBE7B                                                                                                                ZwSetContextThread
SSDT            8CFBBE17                                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                           822FE998 4 Bytes  [76, BE, FB, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                           822FECF0 4 Bytes  [7B, BE, FB, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                           822FEDA4 4 Bytes  [17, BE, FB, 8C]
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                section is writeable [0x8C208360, 0x35B0A2, 0xE8000020]
?               C:\ComboFix\catchme.sys                                                                                                 Das System kann die angegebene Datei nicht finden. !
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                              Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                                   [73CB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                                    [73D0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                [73CBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                          [73CAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                                    [73CB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                 [73CAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                     [73CE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                        [73CBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                                [73CAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                                 [73CAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                                  [73CA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                          [73D3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                             [73CDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                [73CAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                                          [73CA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                                         [73CA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[2360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                            [73CB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{1fcd7740-46c6-4c8a-8e9b-354f5bab02ea}@Dhcpv6Iaid   285212672
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{1fcd7740-46c6-4c8a-8e9b-354f5bab02ea}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{28334827-7b80-4bb6-8eaf-ed54843cddaf}@Dhcpv6Iaid   234886867
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{28334827-7b80-4bb6-8eaf-ed54843cddaf}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{2c09a77f-d870-46bc-bfef-a9fa4a93abfd}@Dhcpv6Iaid   536870912
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{2c09a77f-d870-46bc-bfef-a9fa4a93abfd}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid   117445666
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ae6bfa98-e137-457e-ae76-c20f4ed7fb5d}@Dhcpv6Iaid   285220428
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ae6bfa98-e137-457e-ae76-c20f4ed7fb5d}@Dhcpv6State  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bd940a36-46be-4af0-9366-3031d65a0d69}@Dhcpv6Iaid   218169277
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bd940a36-46be-4af0-9366-3031d65a0d69}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c9fc89ee-4e39-4eac-a83f-61b5bb4987c5}@Dhcpv6Iaid   553648128
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c9fc89ee-4e39-4eac-a83f-61b5bb4987c5}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{cc3a04a0-f023-46a4-b61a-61a52850d1ec}@Dhcpv6Iaid   201333540
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{cc3a04a0-f023-46a4-b61a-61a52850d1ec}@Dhcpv6State  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{da79be66-ee16-4b94-9946-4e40dc60181e}@Dhcpv6Iaid   369229908
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{da79be66-ee16-4b94-9946-4e40dc60181e}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dde68d00-b487-4109-bacb-06356019e2e0}@Dhcpv6Iaid   318767104
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dde68d00-b487-4109-bacb-06356019e2e0}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid   100668450
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State  0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{1fcd7740-46c6-4c8a-8e9b-354f5bab02ea}@Dhcpv6Iaid       285212672
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{1fcd7740-46c6-4c8a-8e9b-354f5bab02ea}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{28334827-7b80-4bb6-8eaf-ed54843cddaf}@Dhcpv6Iaid       234886867
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{28334827-7b80-4bb6-8eaf-ed54843cddaf}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{2c09a77f-d870-46bc-bfef-a9fa4a93abfd}@Dhcpv6Iaid       536870912
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{2c09a77f-d870-46bc-bfef-a9fa4a93abfd}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid       117445666
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{ae6bfa98-e137-457e-ae76-c20f4ed7fb5d}@Dhcpv6Iaid       285220428
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{ae6bfa98-e137-457e-ae76-c20f4ed7fb5d}@Dhcpv6State      1
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{bd940a36-46be-4af0-9366-3031d65a0d69}@Dhcpv6Iaid       218169277
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{bd940a36-46be-4af0-9366-3031d65a0d69}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{c9fc89ee-4e39-4eac-a83f-61b5bb4987c5}@Dhcpv6Iaid       553648128
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{c9fc89ee-4e39-4eac-a83f-61b5bb4987c5}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{cc3a04a0-f023-46a4-b61a-61a52850d1ec}@Dhcpv6Iaid       201333540
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{cc3a04a0-f023-46a4-b61a-61a52850d1ec}@Dhcpv6State      1
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{da79be66-ee16-4b94-9946-4e40dc60181e}@Dhcpv6Iaid       369229908
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{da79be66-ee16-4b94-9946-4e40dc60181e}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{dde68d00-b487-4109-bacb-06356019e2e0}@Dhcpv6Iaid       318767104
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{dde68d00-b487-4109-bacb-06356019e2e0}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid       100668450
Reg             HKLM\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State      0

---- EOF - GMER 1.0.15 ----

Osam.txt

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:33:44 on 23.09.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 6.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswMBR" (aswMBR) - ? - C:\Users\***\AppData\Local\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"ntiomin" (ntiomin) - ? - C:\Windows\system32\drivers\ntiomin.sys  (File not found)
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{DE9C389F-3316-41A7-809B-AA305ED9D922}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - ? -   (File not found | COM-object registry key not found)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ7.4\ICQ.exe
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{F4D76F01-7896-458a-890F-E1F05C46069F} "Ask Toolbar BHO" - "Ask.com" - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"ContentTransferWMDetector.exe" - "Sony Corporation" - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"WAWifiMessage" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"hpf3l70w.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70w.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9a03f452e0f4d)" (gupdate1c9a03f452e0f4d) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR.txt

Code:

ATTFilter

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-23 08:07:09
-----------------------------
08:07:09.090    OS Version: Windows 6.0.6002 Service Pack 2
08:07:09.090    Number of processors: 2 586 0x6802
08:07:09.090    ComputerName: ***-PC  UserName: ***
08:07:40.103    Initialize success
08:07:50.649    AVAST engine defs: 11092201
08:08:13.222    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
08:08:13.222    Disk 0 Vendor: FUJITSU_MHY2250BH 890B Size: 238475MB BusType: 3
08:08:15.281    Disk 0 MBR read successfully
08:08:15.297    Disk 0 MBR scan
08:08:15.297    Disk 0 unknown MBR code
08:08:15.297    Disk 0 scanning sectors +488392065
08:08:15.390    Disk 0 scanning C:\Windows\system32\drivers
08:08:46.544    Service scanning
08:08:48.463    Modules scanning
08:09:00.272    Disk 0 trace - called modules:
08:09:00.288    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys 
08:09:00.304    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854255d8]
08:09:00.304    3 CLASSPNP.SYS[881ad8b3] -> nt!IofCallDriver -> [0x84278a20]
08:09:00.818    5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8427b030]
08:09:02.363    AVAST engine scan C:\Windows
08:09:10.693    AVAST engine scan C:\Windows\system32
08:13:15.570    AVAST engine scan C:\Windows\system32\drivers
08:13:35.051    AVAST engine scan C:\Users\***
08:26:58.127    AVAST engine scan C:\ProgramData
08:29:51.355    Scan finished successfully
08:30:48.854    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
08:30:48.861    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Hier nun die angeforderten Logs!

Achja..Vielleicht ist es nicht weiter von Belangen, aber mir ist noch aufgefallen, dass nach Combofix auf einmal eine Verknüpfung vom IE zum Desktop hergestellt wurde.

21.09.2011, 21:18	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PUM.Bad.Proxy im Zusammenhang mit Update-Problematik diverser Programme? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ __________________

PUM.Bad.Proxy im Zusammenhang mit Update-Problematik diverser Programme?

Plagegeister aller Art und deren Bekämpfung: PUM.Bad.Proxy im Zusammenhang mit Update-Problematik diverser Programme?