"Achtung! Ihr Windows System wurde blockiert" - Bildschirm nach der Anmeldung

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-29 00:50:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BEVS-08VAT2 rev.14.01A14
Running: iwg67czb.exe; Driver: C:\Temp\kftdapoc.sys


---- System - GMER 1.0.15 ----

SSDT            89BEF248                                                                                    ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteValueKey [0xA86C7350]
SSDT            89AB48F8                                                                                    ZwQueryValueKey
SSDT            89C4B370                                                                                    ZwResumeThread
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwSetValueKey [0xA86C7580]

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Mozilla Firefox\firefox.exe[5884] ntdll.dll!LdrLoadDll                         7C92632D 5 Bytes  JMP 01215B60 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\firefox.exe[5884] USER32.dll!GetWindowInfo                     7E37C49C 5 Bytes  JMP 0139802D C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                      SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                     Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                     Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                   SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                   SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:57:08 on 29.02.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl
"TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP2.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"282D0911F" (282D0911F) - ? - C:\WINDOWS\System32\drivers\282D0911F.sys  (File not found)
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
"ASMMAP" (ASMMAP) - ? - C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EraserUtilDrv11113" (EraserUtilDrv11113) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11113.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"esihdrv" (esihdrv) - ? - C:\Temp\esihdrv.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys  (File found, but it contains no detailed information)
"kftdapoc" (kftdapoc) - ? - C:\Temp\kftdapoc.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120224.002\naveng.sys
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120224.002\navex15.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PORTMON" (PORTMON) - ? - E:\Tools\Sysiternals\PORTMSYS.SYS  (File not found)
"SAVRT" (SAVRT) - "Symantec Corporation" - C:\Programme\Symantec\SAV\savrt.sys
"SAVRTPEL" (SAVRTPEL) - "Symantec Corporation" - C:\Programme\Symantec\SAV\Savrtpel.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS
"TPPWRIF" (TPPWRIF) - ? - C:\WINDOWS\System32\drivers\Tppwrif.sys  (File found, but it contains no detailed information)
"TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{8FAF0273-9CA8-4efc-9536-1E35E254D5CD} "WEB.DE NewTab Protocol" - "1und1 Mail und Media GmbH" - C:\Programme\WEB.DE Toolbar\IE\uitb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{28465D9A-DE2F-4627-B520-29968CC3C372} "FaJo XP File Security Extension" - "FaJo" - C:\Programme\FaJo\XP File Security Extension\FJXPFileSecExt.dll
{B28C18DB-6816-4F31-9630-397683E3C2C3} "Filzip Shell Extension" - ? - C:\Programme\Filzip\fzshext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDA77241-42F6-11d0-85E2-00AA001FE28C} "VpshellEx Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "WEB.DE Toolbar" - "1und1 Mail und Media GmbH" - C:\Programme\WEB.DE Toolbar\IE\uitb.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} "ClsidExtension" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Programme\Microsoft\BingBar\BingExt.dll
<binary data> "WEB.DE Toolbar" - "1und1 Mail und Media GmbH" - C:\Programme\WEB.DE Toolbar\IE\uitb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Programme\Microsoft\BingBar\BingExt.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} "IePasswordManagerHelper Class" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{17166733-40EA-4432-A85C-AE672FF0E236} "WEB.DE Konfiguration" - "1&1 Mail & Media GmbH" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll
{BF42D4A8-016E-4fcd-B1EB-837659FD77C6} "WEB.DE Toolbar BHO" - "1und1 Mail und Media GmbH" - C:\Programme\WEB.DE Toolbar\IE\uitb.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Kodak EasyShare Software.lnk" - "Eastman Kodak Company" - C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
"SkypeM" - ? - C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"cssauth" - "Lenovo Group Limited" - "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
"EZEJMNAP" - "Lenovo Group Ltd." - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"EZEJTRAY" - "Lenovo Group Ltd." - C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE
"HP Software Update" - "Hewlett-Packard" - C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
"LCONTROL" - "ATK0101" - "C:\Programme\Lenovo\ATK Hotkey\LCONTROL.exe"
"LFKA" - "Lenovo" - "C:\Programme\Lenovo\ATK Hotkey\LFKA.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"PSQLLauncher" - "UPEK Inc." - "C:\Programme\ThinkVantage Fingerprint Software\launcher.exe" /startup
"PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TPFNF7" - "Lenovo Group Limited" - C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
"TPHOTKEY" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe
"TpShocks" - "Lenovo." - TpShocks.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
"Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Programme\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
"Intel(R) PROSet/Wireless WiMAX Red Bend Device Management Service" (DMAgent) - "Red Bend Ltd." - C:\Programme\Intel\WiMAX\Bin\DMAgent.exe
"Intel(R) PROSet/Wireless WiMAX Service" (WiMAXAppSrv) - "Intel(R) Corporation" - C:\Programme\Intel\WiMAX\Bin\AppSrv.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"Power Manager DBC Service" (Power Manager DBC Service) - ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
"SAVRoam" (SavRoam) - "symantec" - C:\Programme\Symantec\SAV\SavRoam.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\BingBar\SeaPort.EXE
"Service of LFKA" (LFKAS) - ? - C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe
"Symantec AntiVirus" (Symantec AntiVirus) - "Symantec Corporation " - C:\Programme\Symantec\SAV\Rtvscan.exe
"Symantec AntiVirus Definition Watcher" (DefWatch) - "Symantec Corporation" - C:\Programme\Symantec\SAV\DefWatch.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
"Symantec SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\WINDOWS\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"NavLogon" - "Symantec Corporation" - C:\WINDOWS\system32\NavLogon.dll
"psfus" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll
"tphotkey" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\tphklock.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-29 01:00:11
-----------------------------
01:00:11.343    OS Version: Windows 5.1.2600 Service Pack 3
01:00:11.343    Number of processors: 2 586 0xF0D
01:00:11.343    ComputerName: PC-MSH  UserName: 
01:00:11.671    Initialize success
01:01:55.218    AVAST engine defs: 12022802
01:02:11.171    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:02:11.171    Disk 0 Vendor: WDC_WD2500BEVS-08VAT2 14.01A14 Size: 238475MB BusType: 3
01:02:11.250    Disk 0 MBR read successfully
01:02:11.250    Disk 0 MBR scan
01:02:11.296    Disk 0 Windows XP default MBR code
01:02:11.296    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        40962 MB offset 63
01:02:11.328    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       197510 MB offset 83891430
01:02:11.359    Disk 0 scanning sectors +488392065
01:02:11.531    Disk 0 scanning C:\WINDOWS\system32\drivers
01:02:38.046    Service scanning
01:02:59.062    Modules scanning
01:03:21.984    Disk 0 trace - called modules:
01:03:22.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
01:03:22.015    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89da0ab8]
01:03:22.015    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000008a[0x89da69e8]
01:03:22.015    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d6e940]
01:03:22.250    AVAST engine scan C:\WINDOWS
01:03:50.093    AVAST engine scan C:\WINDOWS\system32
01:09:21.515    AVAST engine scan C:\WINDOWS\system32\drivers
01:09:50.578    AVAST engine scan C:\Dokumente und Einstellungen\Matthias und Silke
01:13:21.671    AVAST engine scan C:\Dokumente und Einstellungen\All Users
01:16:06.281    Scan finished successfully
01:16:45.515    Disk 0 MBR has been saved successfully to "E:\mat\MBR.dat"
01:16:45.593    The log file has been saved successfully to "E:\mat\aswMBR.txt"