Windows Diagnostic - richtig entfernt?

cosinus · 24.03.2011, 22:34

Die 10GB mehr Platz kamen wohl durch den OTL-Fix. Ich lasse eigentlich immer die Tempdateien gleich mit löschen

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Swaggy · 24.03.2011, 23:01

Also wenn ichs richitg gemacht habe (ich habe irgendwie keins der genannten programme aufm desktop entpackt, sondern einfach so gestartet (hoffe das war nicht falsch)) , dann hat tdss killer nix gefunden...hier ist der log:

Zitat:

2011/03/24 22:57:34.0526 1332 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/24 22:57:34.0903 1332 ================================================================================
2011/03/24 22:57:34.0903 1332 SystemInfo:
2011/03/24 22:57:34.0903 1332
2011/03/24 22:57:34.0903 1332 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/24 22:57:34.0903 1332 Product type: Workstation
2011/03/24 22:57:34.0904 1332 ComputerName: STANDPC2
2011/03/24 22:57:34.0904 1332 UserName: Flo
2011/03/24 22:57:34.0904 1332 Windows directory: C:\Windows
2011/03/24 22:57:34.0904 1332 System windows directory: C:\Windows
2011/03/24 22:57:34.0904 1332 Processor architecture: Intel x86
2011/03/24 22:57:34.0904 1332 Number of processors: 2
2011/03/24 22:57:34.0904 1332 Page size: 0x1000
2011/03/24 22:57:34.0904 1332 Boot type: Normal boot
2011/03/24 22:57:34.0904 1332 ================================================================================
2011/03/24 22:57:35.0958 1332 Initialize success
2011/03/24 22:58:51.0543 6504 ================================================================================
2011/03/24 22:58:51.0543 6504 Scan started
2011/03/24 22:58:51.0543 6504 Mode: Manual;
2011/03/24 22:58:51.0543 6504 ================================================================================
2011/03/24 22:58:52.0260 6504 3xHybrid (53a3664bca7bbc1c09744455bf2ea136) C:\Windows\system32\DRIVERS\3xHybrid.sys
2011/03/24 22:58:52.0338 6504 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/24 22:58:52.0402 6504 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/03/24 22:58:52.0451 6504 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/03/24 22:58:52.0494 6504 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/03/24 22:58:52.0540 6504 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/03/24 22:58:52.0614 6504 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/24 22:58:52.0660 6504 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/24 22:58:52.0718 6504 aliide (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
2011/03/24 22:58:52.0773 6504 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/03/24 22:58:52.0810 6504 amdide (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
2011/03/24 22:58:52.0844 6504 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/03/24 22:58:52.0878 6504 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/03/24 22:58:52.0957 6504 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/03/24 22:58:52.0993 6504 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/03/24 22:58:53.0050 6504 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/24 22:58:53.0100 6504 atapi (78620bda3ec87816e5d1fa86f920bc3a) C:\Windows\system32\drivers\atapi.sys
2011/03/24 22:58:53.0158 6504 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/03/24 22:58:53.0253 6504 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/24 22:58:53.0330 6504 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/24 22:58:53.0369 6504 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/24 22:58:53.0397 6504 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/24 22:58:53.0437 6504 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/24 22:58:53.0472 6504 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/24 22:58:53.0514 6504 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/24 22:58:53.0547 6504 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/24 22:58:53.0593 6504 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/24 22:58:54.0076 6504 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/24 22:58:54.0276 6504 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/24 22:58:54.0334 6504 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/03/24 22:58:54.0387 6504 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/24 22:58:54.0464 6504 cmdide (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
2011/03/24 22:58:54.0496 6504 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/03/24 22:58:54.0523 6504 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/03/24 22:58:54.0565 6504 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/03/24 22:58:54.0660 6504 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/24 22:58:54.0713 6504 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/24 22:58:54.0797 6504 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/24 22:58:54.0886 6504 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/24 22:58:54.0947 6504 e1express (476d9f2f0789cde89acee2a2fb21ec5a) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/03/24 22:58:54.0983 6504 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/24 22:58:55.0030 6504 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/03/24 22:58:55.0138 6504 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/03/24 22:58:55.0293 6504 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/03/24 22:58:55.0332 6504 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/03/24 22:58:55.0376 6504 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/24 22:58:55.0420 6504 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
2011/03/24 22:58:55.0461 6504 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/24 22:58:55.0523 6504 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/24 22:58:55.0617 6504 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/24 22:58:55.0714 6504 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/03/24 22:58:55.0763 6504 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/24 22:58:55.0809 6504 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/24 22:58:55.0868 6504 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
2011/03/24 22:58:55.0985 6504 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/24 22:58:56.0280 6504 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/24 22:58:56.0322 6504 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/24 22:58:56.0377 6504 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/24 22:58:56.0474 6504 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/24 22:58:56.0531 6504 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/03/24 22:58:56.0684 6504 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/24 22:58:56.0768 6504 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/03/24 22:58:56.0841 6504 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/24 22:58:56.0958 6504 iaStor (28aae599496b4930b3f19026f2083bc4) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/24 22:58:57.0024 6504 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/03/24 22:58:57.0094 6504 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/24 22:58:57.0313 6504 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/24 22:58:57.0394 6504 IntelDH (7f440f8ced849fcdfa85bb3521b4f048) C:\Windows\system32\Drivers\IntelDH.sys
2011/03/24 22:58:57.0528 6504 intelide (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
2011/03/24 22:58:57.0698 6504 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/24 22:58:57.0826 6504 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/24 22:58:57.0901 6504 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/24 22:58:57.0962 6504 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/24 22:58:58.0011 6504 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/24 22:58:58.0054 6504 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/03/24 22:58:58.0103 6504 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/24 22:58:58.0200 6504 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/24 22:58:58.0232 6504 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/24 22:58:58.0398 6504 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/24 22:58:58.0448 6504 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/24 22:58:58.0505 6504 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/24 22:58:58.0568 6504 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/03/24 22:58:58.0598 6504 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/24 22:58:58.0644 6504 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/24 22:58:58.0683 6504 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/24 22:58:58.0725 6504 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/24 22:58:58.0773 6504 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/24 22:58:58.0833 6504 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/03/24 22:58:58.0888 6504 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/03/24 22:58:58.0925 6504 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/24 22:58:58.0964 6504 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/24 22:58:58.0992 6504 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/24 22:58:59.0013 6504 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/24 22:58:59.0061 6504 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/24 22:58:59.0119 6504 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/03/24 22:58:59.0193 6504 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/03/24 22:58:59.0365 6504 MpKslb9c32161 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A4DF34E-9734-4696-A376-1690778AAFAE}\MpKslb9c32161.sys
2011/03/24 22:58:59.0424 6504 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/03/24 22:58:59.0564 6504 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/24 22:58:59.0621 6504 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/24 22:58:59.0663 6504 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/24 22:58:59.0699 6504 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/24 22:58:59.0736 6504 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/24 22:58:59.0769 6504 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/24 22:58:59.0813 6504 msahci (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
2011/03/24 22:58:59.0860 6504 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/03/24 22:58:59.0922 6504 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/24 22:58:59.0957 6504 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/24 22:59:00.0006 6504 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/24 22:59:00.0049 6504 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/24 22:59:00.0072 6504 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/24 22:59:00.0129 6504 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/03/24 22:59:00.0159 6504 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/24 22:59:00.0183 6504 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/24 22:59:00.0218 6504 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/03/24 22:59:00.0285 6504 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/24 22:59:00.0352 6504 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/03/24 22:59:00.0381 6504 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/24 22:59:00.0410 6504 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/24 22:59:00.0452 6504 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/24 22:59:00.0511 6504 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/24 22:59:00.0542 6504 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/24 22:59:00.0583 6504 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/24 22:59:00.0653 6504 netr28u (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
2011/03/24 22:59:00.0725 6504 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/24 22:59:00.0822 6504 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/03/24 22:59:00.0882 6504 nmsunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\nmsunidr.sys
2011/03/24 22:59:00.0909 6504 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/03/24 22:59:00.0956 6504 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/24 22:59:01.0023 6504 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/03/24 22:59:01.0074 6504 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/24 22:59:01.0121 6504 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/24 22:59:01.0360 6504 nvlddmkm (513098dd7a7f4eea43f9b0bbc1948c80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/24 22:59:01.0506 6504 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/03/24 22:59:01.0561 6504 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/03/24 22:59:01.0600 6504 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/03/24 22:59:01.0686 6504 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/24 22:59:01.0730 6504 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/03/24 22:59:01.0765 6504 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/03/24 22:59:01.0792 6504 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/24 22:59:01.0882 6504 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/03/24 22:59:01.0961 6504 pciide (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys
2011/03/24 22:59:02.0012 6504 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/24 22:59:02.0092 6504 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/24 22:59:02.0268 6504 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/03/24 22:59:02.0419 6504 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/24 22:59:02.0454 6504 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/03/24 22:59:02.0536 6504 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/24 22:59:02.0594 6504 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/03/24 22:59:02.0647 6504 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/24 22:59:02.0700 6504 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/24 22:59:02.0771 6504 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/24 22:59:02.0838 6504 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/24 22:59:02.0882 6504 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/24 22:59:02.0928 6504 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/24 22:59:02.0977 6504 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/24 22:59:03.0021 6504 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/24 22:59:03.0046 6504 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/24 22:59:03.0087 6504 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/03/24 22:59:03.0110 6504 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/24 22:59:03.0177 6504 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/03/24 22:59:03.0318 6504 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/24 22:59:03.0356 6504 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/24 22:59:03.0410 6504 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/24 22:59:03.0447 6504 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/24 22:59:03.0482 6504 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/03/24 22:59:03.0525 6504 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/24 22:59:03.0572 6504 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/03/24 22:59:03.0597 6504 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/24 22:59:03.0631 6504 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/24 22:59:03.0667 6504 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/24 22:59:03.0705 6504 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/03/24 22:59:03.0739 6504 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/03/24 22:59:03.0791 6504 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/24 22:59:03.0829 6504 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/24 22:59:03.0894 6504 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/03/24 22:59:03.0922 6504 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/24 22:59:03.0955 6504 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/24 22:59:04.0005 6504 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/24 22:59:04.0037 6504 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/24 22:59:04.0071 6504 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/24 22:59:04.0105 6504 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/24 22:59:04.0618 6504 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/03/24 22:59:04.0702 6504 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/24 22:59:04.0750 6504 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/24 22:59:04.0799 6504 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/24 22:59:04.0849 6504 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/24 22:59:04.0921 6504 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/24 22:59:05.0001 6504 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/24 22:59:05.0100 6504 TSHWMDTCP (b56368b25a51cebda77e6b20764f07f2) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
2011/03/24 22:59:05.0203 6504 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/24 22:59:05.0232 6504 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/24 22:59:05.0255 6504 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/24 22:59:05.0294 6504 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/24 22:59:05.0336 6504 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/24 22:59:05.0386 6504 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/24 22:59:05.0437 6504 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/03/24 22:59:05.0483 6504 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/24 22:59:05.0517 6504 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/24 22:59:05.0606 6504 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/24 22:59:05.0685 6504 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/03/24 22:59:05.0780 6504 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/24 22:59:05.0831 6504 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/24 22:59:05.0864 6504 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/24 22:59:05.0900 6504 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/24 22:59:05.0982 6504 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/24 22:59:06.0023 6504 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/24 22:59:06.0050 6504 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/24 22:59:06.0080 6504 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/24 22:59:06.0116 6504 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/24 22:59:06.0242 6504 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/24 22:59:06.0285 6504 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/03/24 22:59:06.0324 6504 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/03/24 22:59:06.0421 6504 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
2011/03/24 22:59:06.0454 6504 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/24 22:59:06.0499 6504 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/24 22:59:06.0540 6504 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/24 22:59:06.0590 6504 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/03/24 22:59:06.0639 6504 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/24 22:59:06.0678 6504 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/24 22:59:06.0692 6504 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/24 22:59:06.0739 6504 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/03/24 22:59:06.0810 6504 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/24 22:59:06.0940 6504 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/24 22:59:07.0035 6504 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/24 22:59:07.0133 6504 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/24 22:59:07.0221 6504 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/24 22:59:07.0309 6504 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
2011/03/24 22:59:07.0341 6504 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
2011/03/24 22:59:07.0434 6504 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\HomeCinema\PlayMovie\000.fcl
2011/03/24 22:59:07.0491 6504 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Program Files\HomeCinema\PowerDVD\000.fcl
2011/03/24 22:59:07.0699 6504 ================================================================================
2011/03/24 22:59:07.0699 6504 Scan finished
2011/03/24 22:59:07.0699 6504 ================================================================================

Gruß,

Swaggy

cosinus · 24.03.2011, 23:18

Das ist schonmal ok. Ich brauch das Log vom TDSS-Killer als Zusatzbestätigung.
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Swaggy · 25.03.2011, 11:57

Also GMER hat irgendwie nicht funktioniert, aber OSAM schon. Hier ist das log:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:52:43 on 25.03.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"awlyypog" (awlyypog) - ? - C:\Users\Flo\AppData\Local\Temp\awlyypog.sys  (Hidden registry entry, rootkit activity | File not found)
"bcmpikdd" (bcmpikdd) - ? - C:\Windows\system32\drivers\bcmpikdd.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\Flo\AppData\Local\Temp\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MpKsl5e4cf9fe" (MpKsl5e4cf9fe) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A4DF34E-9734-4696-A376-1690778AAFAE}\MpKsl5e4cf9fe.sys
"MpKsl6b61d8cb" (MpKsl6b61d8cb) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6E8D2A4-27EC-4E42-91C6-29754EF1F460}\MpKsl6b61d8cb.sys  (File not found)
"MpKsl8c3a74af" (MpKsl8c3a74af) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA119E0A-D5F0-4243-BA02-F582C844AB7E}\MpKsl8c3a74af.sys  (File not found)
"TSHWMDTCP" (TSHWMDTCP) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PlayMovie\000.fcl
"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PowerDVD\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CCUTRAYICON" - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NMSSupport" - "Intel Corporation" - "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
"Philips Device Listener" - ? - "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DQLWinService" (DQLWinService) - ? - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Update Service (gupdate1cae702751500b0)" (gupdate1cae702751500b0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Alert Service" (AlertService) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
"Intel(R) Application Tracker" (MCLServiceATL) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
"Intel(R) DHTrace Controller" (DHTRACE) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Intel(R) NMSCore" (NMSCore) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
"Intel(R) Quality Manager" (QualityManager) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
"Intel(R) Remoting Service" (Remote UI Service) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
"Intel(R) Software Services Manager" (ISSM) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
"Intel(R) Viiv(TM) Media Server" (M1 Server) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

===[ Logfile end ]=========================================[ Logfile end ]===[/QUOTE]

--- --- ---

Das letzte was du genannt hast, hat irgendwie kein log ausgespuck, aber ich konnte es auch nicht auf dem desktop speichern, sondern habe es aus dem Download Fenster aus gestartet (hoffe das war nicht flasch).

Gruß,
Swaggy

Swaggy · 25.03.2011, 11:58

Ok, hab das log doch gefunden:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7502
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 149):
0x81E36000 \SystemRoot\system32\ntkrnlpa.exe
0x81E03000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047C000 \SystemRoot\system32\PSHED.dll
0x8048D000 \SystemRoot\system32\BOOTVID.dll
0x80495000 \SystemRoot\system32\CLFS.SYS
0x804D6000 \SystemRoot\system32\CI.dll
0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80693000 \SystemRoot\system32\drivers\acpi.sys
0x806D9000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E2000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EA000 \SystemRoot\system32\drivers\pci.sys
0x80711000 \SystemRoot\System32\drivers\partmgr.sys
0x80720000 \SystemRoot\system32\drivers\volmgr.sys
0x8072F000 \SystemRoot\System32\drivers\volmgrx.sys
0x80779000 \SystemRoot\System32\drivers\mountmgr.sys
0x87A08000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x87ACF000 \SystemRoot\system32\drivers\fltmgr.sys
0x87B01000 \SystemRoot\system32\drivers\fileinfo.sys
0x87B11000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87C06000 \SystemRoot\system32\drivers\ndis.sys
0x87D11000 \SystemRoot\system32\drivers\msrpc.sys
0x87D3C000 \SystemRoot\system32\drivers\NETIO.SYS
0x87E0A000 \SystemRoot\System32\drivers\tcpip.sys
0x87EF7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88000000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88110000 \SystemRoot\system32\drivers\volsnap.sys
0x88149000 \SystemRoot\system32\DRIVERS\uagp35.sys
0x8815A000 \SystemRoot\System32\Drivers\spldr.sys
0x88162000 \SystemRoot\System32\Drivers\mup.sys
0x88171000 \SystemRoot\System32\drivers\ecache.sys
0x88198000 \SystemRoot\system32\drivers\disk.sys
0x881A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x881CA000 \SystemRoot\system32\drivers\crcdisk.sys
0x881E0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x881EB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FD9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BA0C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C152000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C1F2000 \SystemRoot\System32\drivers\watchdog.sys
0x87D77000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87DB2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87FE8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C408000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C495000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0x8C5C3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C5ED000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x8C5F0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x87DF0000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x87B82000 \SystemRoot\system32\DRIVERS\serial.sys
0x881F4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x87B9C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C400000 \SystemRoot\System32\Drivers\x10hid.sys
0x87BB4000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0x87FF7000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0x87BC4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x80789000 \SystemRoot\system32\DRIVERS\storport.sys
0x87BF3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x807CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x807E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x805B6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x807EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x805D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C801000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C816000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x8C81B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C82B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C836000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C841000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C843000 \SystemRoot\System32\Drivers\IntelDH.sys
0x8C845000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C84F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C85C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C891000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C89A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D003000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C8AB000 \SystemRoot\system32\drivers\portcls.sys
0x8C8D8000 \SystemRoot\system32\drivers\drmk.sys
0x8C8FD000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8D1DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D1E7000 \SystemRoot\System32\Drivers\Null.SYS
0x8D1EE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C937000 \SystemRoot\System32\drivers\vga.sys
0x8C943000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D1F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C964000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C96C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C977000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C985000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C98E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C9A4000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C9B8000 \SystemRoot\system32\drivers\afd.sys
0x8D20B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D23D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D253000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D261000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D274000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D2B0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D2BA000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D2D1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8D2F9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8D30E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D310000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8D326000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D333000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x87F12000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x93C80000 \SystemRoot\System32\win32k.sys
0x8D200000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C924000 \SystemRoot\System32\Drivers\x10ufx2.sys
0x87FA2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C92E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x881D3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x87FB9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93EA0000 \SystemRoot\System32\TSDDD.dll
0x93EC0000 \SystemRoot\System32\cdd.dll
0x9A002000 \SystemRoot\system32\drivers\luafv.sys
0x9A025000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A035000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A05F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A069000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A07C000 \SystemRoot\system32\drivers\HTTP.sys
0x9A0E9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A106000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A11F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A134000 \SystemRoot\system32\drivers\mrxdav.sys
0x9A155000

Gruß,

Swaggy

cosinus · 25.03.2011, 14:08

Das Log von mbrcheck ist unvollständig. Lass das Tool ggf. etwas länger laufen!

Zitat:

"bcmpikdd" (bcmpikdd) - ? - C:\Windows\system32\drivers\bcmpikdd.sys (File not found)

Nitte mit OSAM deaktivieren und löschen (delete from storage)

Swaggy · 05.04.2011, 12:52

hier ist ein akktueller MbrCheck log, aber die Zeile hab ich bei OSAM nich gefunden.
Ich probiers einfach nochmal.

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7502
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 149):
0x81E34000 \SystemRoot\system32\ntkrnlpa.exe
0x81E01000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047A000 \SystemRoot\system32\PSHED.dll
0x8048B000 \SystemRoot\system32\BOOTVID.dll
0x80493000 \SystemRoot\system32\CLFS.SYS
0x804D4000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80696000 \SystemRoot\system32\drivers\acpi.sys
0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys
0x806ED000 \SystemRoot\system32\drivers\pci.sys
0x80714000 \SystemRoot\System32\drivers\partmgr.sys
0x80723000 \SystemRoot\system32\drivers\volmgr.sys
0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077C000 \SystemRoot\System32\drivers\mountmgr.sys
0x87A00000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x87AC7000 \SystemRoot\system32\drivers\fltmgr.sys
0x87AF9000 \SystemRoot\system32\drivers\fileinfo.sys
0x87B09000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87C00000 \SystemRoot\system32\drivers\ndis.sys
0x87D0B000 \SystemRoot\system32\drivers\msrpc.sys
0x87D36000 \SystemRoot\system32\drivers\NETIO.SYS
0x87E00000 \SystemRoot\System32\drivers\tcpip.sys
0x87EED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88002000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88112000 \SystemRoot\system32\drivers\volsnap.sys
0x8814B000 \SystemRoot\system32\DRIVERS\uagp35.sys
0x8815C000 \SystemRoot\System32\Drivers\spldr.sys
0x88164000 \SystemRoot\System32\Drivers\mup.sys
0x88173000 \SystemRoot\System32\drivers\ecache.sys
0x8819A000 \SystemRoot\system32\drivers\disk.sys
0x881AB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x881CC000 \SystemRoot\system32\drivers\crcdisk.sys
0x881E2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x881ED000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FCF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BA01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C147000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C1E7000 \SystemRoot\System32\drivers\watchdog.sys
0x87D71000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8C1F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87DAC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87FDE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C40B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C498000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0x8C5C6000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C5F0000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x87FED000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x87DEA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x87B7A000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C5F3000 \SystemRoot\system32\DRIVERS\serenum.sys
0x87B94000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C5FD000 \SystemRoot\System32\Drivers\x10hid.sys
0x87BAC000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0x8C400000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0x87BBC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8078C000 \SystemRoot\system32\DRIVERS\storport.sys
0x87BEB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x807CD000 \SystemRoot\system32\drivers\ScreamingBAudio.sys
0x805B4000 \SystemRoot\system32\drivers\portcls.sys
0x807DA000 \SystemRoot\system32\drivers\drmk.sys
0x805E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x80600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CA05000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CA28000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CA37000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CA4B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CA60000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x8CA65000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CA75000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CA80000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CA8B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CA8D000 \SystemRoot\System32\Drivers\IntelDH.sys
0x8CA8F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CA99000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CAA6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CADB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8CAE4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D00E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8CAF5000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8D1E9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D1F2000 \SystemRoot\System32\Drivers\Null.SYS
0x8D1F9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D000000 \SystemRoot\System32\drivers\vga.sys
0x8CB2F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CB50000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CB58000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CB60000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CB6B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CB79000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CB82000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CB98000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CBAC000 \SystemRoot\system32\drivers\afd.sys
0x8CE00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CE32000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CE48000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CE56000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CE69000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CEA5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CEAF000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CEC6000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8CEEE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8CF03000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CF05000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8CF1B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CF32000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8CF3B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87F08000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8CF48000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x8CFD8000 \SystemRoot\System32\Drivers\x10ufx2.sys
0x8CFE2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92670000 \SystemRoot\System32\win32k.sys
0x8CFEA000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CB1C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x92890000 \SystemRoot\System32\TSDDD.dll
0x928B0000 \SystemRoot\System32\cdd.dll
0x9A00F000 \SystemRoot\system32\drivers\luafv.sys
0x9A032000 \SystemRoot\system32\drivers\spsys.sys
0x9A0E2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A0F2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A11C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A126000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A139000 \SystemRoot\system32\drivers\HTTP.sys
0x9A1A6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A1C3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A1DC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C802000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C823000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C842000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C87B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C893000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C8BB000 \SystemRoot\System32\DRIVERS\srv.sys
0x9C909000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9C94C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9C956000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9C95B000 \SystemRoot\system32\DRIVERS\nmsunidr.sys
0xA5602000 \SystemRoot\system32\drivers\peauth.sys
0xA56E0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA56EA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA56F6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA570B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA571D000 \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
0xA573A000 \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl
0xA5765000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA5770000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89620448-425E-422E-A1A3-51F8D978B37B}\MpKsldff02d3e.sys
0x77300000 \Windows\System32\ntdll.dll

Processes (total 77):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
568 csrss.exe
620 C:\Windows\System32\wininit.exe
632 csrss.exe
664 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
820 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\winlogon.exe
924 C:\Windows\System32\svchost.exe
968 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1060 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\audiodg.exe
1208 C:\Windows\System32\SLsvc.exe
1248 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\spoolsv.exe
1776 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\dwm.exe
832 C:\Windows\explorer.exe
1284 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1240 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
1496 C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
1528 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
1552 C:\Windows\RtHDVCpl.exe
2040 C:\Windows\System32\rundll32.exe
2020 C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
288 C:\Program Files\Common Files\Java\Java Update\jusched.exe
304 C:\Program Files\Microsoft Security Client\msseces.exe
328 C:\Program Files\Iminent\IMBooster\IMBooster.exe
612 C:\Program Files\Windows Sidebar\sidebar.exe
1620 C:\Windows\System32\rundll32.exe
2064 C:\Program Files\Logitech\Logitech Vid\Vid.exe
2076 C:\Program Files\Windows Media Player\wmpnscfg.exe
2164 C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
2284 C:\Windows\System32\taskeng.exe
2560 C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
2596 C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
2644 C:\Program Files\Common Files\Gnab\Service\ServiceController.exe
2760 C:\Windows\System32\taskeng.exe
2808 C:\Windows\System32\taskeng.exe
2824 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
3188 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
3452 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3492 C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
3500 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
3516 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
3668 C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
3712 C:\Windows\System32\PnkBstrA.exe
3724 C:\Windows\System32\svchost.exe
3744 C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
3764 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3812 C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
3848 C:\Windows\System32\svchost.exe
4084 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
2176 C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
1396 C:\Windows\System32\svchost.exe
236 C:\Windows\System32\SearchIndexer.exe
2364 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
2404 WUDFHost.exe
724 C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
2032 C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
3060 C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
3252 C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
4064 C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
5344 C:\Windows\System32\mobsync.exe
5416 C:\Program Files\Windows Media Player\wmpnetwk.exe
2324 C:\Windows\System32\svchost.exe
4844 C:\Windows\System32\SearchProtocolHost.exe
2376 C:\Windows\System32\SearchFilterHost.exe
2424 <unknown>
2456 <unknown>
5328 C:\Users\Flo\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006f`70841a00 (FAT32)

PhysicalDrive0 Model Number: ST3500320NS, Rev: SN04

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!

Swaggy · 05.04.2011, 13:05

ok, habe jetzt (hoffentlich) auch die OSAM Zeile gelöscht.
hier ist ein aktueller log:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:03:05 on 05.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\Flo\AppData\Local\Temp\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MpKsl6b61d8cb" (MpKsl6b61d8cb) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6E8D2A4-27EC-4E42-91C6-29754EF1F460}\MpKsl6b61d8cb.sys  (File not found)
"MpKsl8c3a74af" (MpKsl8c3a74af) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA119E0A-D5F0-4243-BA02-F582C844AB7E}\MpKsl8c3a74af.sys  (File not found)
"MpKsldff02d3e" (MpKsldff02d3e) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89620448-425E-422E-A1A3-51F8D978B37B}\MpKsldff02d3e.sys
"TSHWMDTCP" (TSHWMDTCP) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PlayMovie\000.fcl
"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PowerDVD\000.fcl
(Disabled) "bcmpikdd" (bcmpikdd) - ? - C:\Windows\system32\drivers\bcmpikdd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "IMinent Toolbar" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
<binary data> "IMinent Toolbar" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} "IMinent WebBooster (BHO)" - "Iminent" - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
{58124A0B-DC32-4180-9BFF-E0E21AE34026} "TBSB01620 Class" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CCUTRAYICON" - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"IMBooster" - "Iminent" - C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NMSSupport" - "Intel Corporation" - "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
"Philips Device Listener" - ? - "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DQLWinService" (DQLWinService) - ? - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Update Service (gupdate1cae702751500b0)" (gupdate1cae702751500b0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Alert Service" (AlertService) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
"Intel(R) Application Tracker" (MCLServiceATL) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
"Intel(R) DHTrace Controller" (DHTRACE) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Intel(R) NMSCore" (NMSCore) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
"Intel(R) Quality Manager" (QualityManager) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
"Intel(R) Remoting Service" (Remote UI Service) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
"Intel(R) Software Services Manager" (ISSM) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
"Intel(R) Viiv(TM) Media Server" (M1 Server) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

cosinus · 05.04.2011, 14:32

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

24.03.2011, 22:34	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Diagnostic - richtig entfernt? Die 10GB mehr Platz kamen wohl durch den OTL-Fix. Ich lasse eigentlich immer die Tempdateien gleich mit löschen Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html __________________ Logfiles bitte immer in CODE-Tags posten

05.04.2011, 14:32	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Diagnostic - richtig entfernt? Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Windows Diagnostic - richtig entfernt?

Plagegeister aller Art und deren Bekämpfung: Windows Diagnostic - richtig entfernt?