Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert

Psychotic · 22.03.2011, 19:09

Hallo Kollegen,

DAS ist leider eine Nummer zu groß für mich und der Besitzer des Rechner ist ein Super-DAU - könnt ihr mir im Rahmen freier Kapazitäten bitte helfen?

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6132

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.03.2011 18:43:54
mbam-log-2011-03-22 (18-43-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 315258
Laufzeit: 42 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Horst\AppData\Roaming\microsoft\jcuqcb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Horst\AppData\Roaming\microsoft\xmneht.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\cmdow.exe (PUP.Tool) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\cmdow.exe (PUP.Tool) -> Quarantined and deleted successfully.

Code:

ATTFilter

OTL logfile created on: 22.03.2011 18:45:05 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Eigene Dateien\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 78,50 Gb Free Space | 67,42% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 201,73 Gb Free Space | 61,17% Space Free | Partition Type: NTFS
 
Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.22 17:59:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Downloads\OTL.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.22 17:59:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Downloads\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.11 14:44:45 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.06.22 20:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.08.06 23:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV:64bit: - [2007.04.19 15:43:56 | 000,566,192 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2011.01.06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010.10.25 09:01:42 | 000,517,448 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.03.25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxczcoms.exe -- (lxcz_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.12.08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.11.12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010.11.11 03:33:37 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010.09.07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010.09.07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010.08.19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010.08.19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010.08.11 15:15:49 | 007,765,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.11 14:11:07 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.15 01:47:41 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.14 07:17:27 | 000,735,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.06.08 03:33:13 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.04.13 11:15:03 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.03.02 09:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.02.25 04:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.20 03:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.08.18 13:06:36 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.08.18 13:06:36 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.08.18 09:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.08.06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008.05.02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2007.08.03 05:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2117678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010.12.28 12:10:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.20 04:34:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.20 04:34:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.20 04:54:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.06 09:14:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.14 19:17:10 | 000,000,000 | ---D | M]
 
[2010.12.19 23:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Extensions
[2011.03.21 10:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\n4ia1ssw.default\extensions
[2010.12.20 01:17:35 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\n4ia1ssw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2011.03.01 19:50:09 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\n4ia1ssw.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2011.03.04 13:41:52 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\n4ia1ssw.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010.12.20 01:13:40 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\n4ia1ssw.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.03.01 16:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.12.29 14:29:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.01 16:47:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.12.28 20:42:31 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES (X86)\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.03 12:48:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 12:48:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 12:48:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 12:48:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 12:48:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Power2GoExpress]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{daa68c9f-2fbc-11e0-ab6b-20cf30d3173e}\Shell - "" = AutoRun
O33 - MountPoints2\{daa68c9f-2fbc-11e0-ab6b-20cf30d3173e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.22 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Malwarebytes
[2011.03.22 17:58:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.22 17:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.22 17:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.22 17:58:17 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.03.22 17:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.22 17:51:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.03.21 10:26:01 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sicherheit
[2011.03.21 10:25:09 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drucken & Scannen
[2011.03.21 10:24:14 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steuer
[2011.03.21 10:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.03.21 10:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.03.21 10:00:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.09 16:46:28 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 16:46:28 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 16:46:28 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 16:46:28 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 16:46:28 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 16:46:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 16:46:28 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 16:46:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 16:46:22 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 16:46:22 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 16:46:22 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 16:46:22 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.04 13:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011.03.04 13:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011.03.04 13:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH
[2011.03.04 13:41:45 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\Conduit
[2011.03.01 16:47:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.03.01 16:47:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.03.01 16:47:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.12.29 00:19:40 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2010.12.29 00:19:40 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2010.12.29 00:19:40 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2010.12.29 00:19:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2010.12.29 00:19:40 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2010.12.29 00:19:40 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2010.12.29 00:19:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2010.12.29 00:19:40 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2010.12.29 00:19:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2010.12.29 00:19:40 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2010.12.29 00:19:40 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2010.12.29 00:19:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2010.12.29 00:19:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2010.12.29 00:19:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2010.12.29 00:19:39 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.22 18:00:14 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 18:00:14 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 17:58:21 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 17:52:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.22 17:52:50 | 3161,858,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.22 03:25:09 | 109,468,359 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011.03.21 00:22:32 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.21 00:22:32 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.21 00:22:32 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.21 00:22:32 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.21 00:22:32 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.26 10:59:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01005.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.22 17:58:21 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.26 10:59:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01005.Wdf
[2011.01.30 15:11:03 | 000,006,656 | ---- | C] () -- C:\Users\Horst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.30 14:14:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.29 00:20:44 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010.12.29 00:19:40 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2010.12.29 00:19:40 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2010.12.21 01:50:10 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
[2010.12.19 16:17:04 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.18 10:12:15 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010.11.11 03:56:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.11 03:45:56 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.15 20:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010.02.09 08:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009.10.26 04:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2006.05.19 04:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\SysWow64\dntvmc23.dll
[2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\SysWow64\dntvm23.dll
[2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\SysWow64\dnt23.dll

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 22.03.2011 18:45:05 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Eigene Dateien\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 78,50 Gb Free Space | 67,42% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 201,73 Gb Free Space | 61,17% Space Free | Partition Type: NTFS
 
Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{2E414A76-E6A7-3504-4235-29EAB3FE1F7A}" = ATI AVIVO64 Codecs
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{96CCD84C-3F80-C618-6202-568608213C7E}" = ccc-utility64
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{CD9EFED4-DD77-4E9C-92D4-2F77D3F46B8A}" = AVG 2011
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E92F43E9-D190-474E-8EAC-769E804D36C7}" = AVG 2011
"{FDB61EAE-7C1D-7EB6-E1EE-14528E3EB266}" = ATI Catalyst Install Manager
"AVG" = AVG 2011
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL
"Lexmark 1200 Series" = Lexmark 1200 Series
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{011162D5-6853-9D60-2BD4-1F3D01966A59}" = CCC Help English
"{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe iDesk-Browser
"{05CF7905-AD18-769E-7717-1DC8AF388BEA}" = CCC Help Hungarian
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1382CAD9-2A6A-F826-96DF-27CC6CC7B3B0}" = CCC Help Czech
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4C4124-6D6C-4282-63B8-F9468E4404BC}" = Catalyst Control Center InstallProxy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{28452235-8D43-464B-EDB2-18DA5542722D}" = CCC Help Portuguese
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3BD37E91-C31A-CB8A-C48C-21CE58723AEF}" = CCC Help Polish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{47A1A0D5-37DE-7A02-F411-8DFBA338CCC2}" = CCC Help Swedish
"{47B4F3BD-1FCB-914B-397A-7220136A175F}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D38B420-FDA9-282A-DBBA-3E8E9158A5F4}" = Catalyst Control Center Localization All
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{597535B3-348A-8FBF-1C39-C21E634C1E8A}" = CCC Help Norwegian
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5E8C42DD-7E43-462C-84CC-99E5BBE3E101}" = Steuer 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69A7B958-4617-9924-F32B-7C1FF3C7EE6C}" = Catalyst Control Center Graphics Previews Common
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F1081F2-B876-4E71-BC69-5FD542B3E9F1}" = Steuer Update 14.01
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AA1842-2960-328C-E51E-CEC0B23950C2}" = Catalyst Control Center Graphics Previews Vista
"{75CE15F1-3508-D4AA-6EB4-AB9D55FAD076}" = CCC Help Russian
"{76246D4D-C095-5B94-9EFA-0F6DFF804BB1}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77CC4640-98F0-603A-2CDB-A981F09FED6D}" = CCC Help French
"{7D1C43EB-EAE9-5D8C-FEF4-E00AF6B9500F}" = CCC Help Finnish
"{81BEA2F5-4F9B-4AF5-A9B2-3210F71931D3}" = Catalyst Control Center - Branding
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{886EA01E-D4B4-D2E1-CEA2-213E9C06DFF5}" = CCC Help Spanish
"{88799CBD-90A6-67FB-310E-79CAB1479F0F}" = CCC Help Chinese Traditional
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect Lite
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9D8847D7-DF68-2325-250A-96BE101FCF69}" = CCC Help Italian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA8F54E5-393C-B09B-B641-7CE1D1E1933F}" = CCC Help Dutch
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B754B683-E23C-4583-9312-50AD86836B42}" = Steuer Hilfesammlung
"{B8174E5B-B515-3423-1273-4B4B6B483C4B}" = CCC Help Chinese Standard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1234B72-5EAF-807C-46E8-59A1C9FEF6CA}" = CCC Help Turkish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}" = Works Suite-Betriebssystem-Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D28FDA7D-15C6-48A2-9868-6BCB28BE6254}" = Microsoft Picture It! Foto 2001
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D5CCDB0C-00B7-3A4F-3877-6C57920F05D8}" = CCC Help Korean
"{DA8D3A2D-5FD5-82D1-C9A8-801079EE0FD0}" = CCC Help Thai
"{DAB623DC-33F2-E22E-7B24-2270E8AB1EB3}" = ccc-core-static
"{DDA92568-FE0E-E2F4-35A5-7CD99ADACF26}" = CCC Help Danish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC6A04DE-135E-AC5C-AA19-8E350AA5B6D4}" = CCC Help German
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"ALDI Sued Fotoservice_is1" = Aldi Sued Fotoservice 2.7
"Ashampoo WinOptimizer 5_is1" = Ashampoo WinOptimizer 5.13
"ASUS WebStorage" = ASUS WebStorage
"Azteca_is1" = Azteca
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX-Setup
"GNU Backgammon for Windows_is1" = GNU Backgammon 0.14.3-devel
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NCH Toolbar" = NCH Toolbar
"Prism" = Prism Video File Converter
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Works2001Setup" = Microsoft Works 2001-Setup-Start
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Code:

ATTFilter

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-22 19:02:06
Windows 6.1.7600  
Running: htllw6kn.exe


---- Files - GMER 1.0.15 ----

File  C:\ADSM_PData_0150                        0 bytes
File  C:\ADSM_PData_0150\DB                     0 bytes
File  C:\ADSM_PData_0150\DB\SI.db               624 bytes
File  C:\ADSM_PData_0150\DB\UL.db               1040 bytes
File  C:\ADSM_PData_0150\DB\VL.db               6160 bytes
File  C:\ADSM_PData_0150\DB\WAL.db              2048 bytes
File  C:\ADSM_PData_0150\DragWait.exe           315392 bytes executable
File  C:\ADSM_PData_0150\_avt                   512 bytes
File  C:\Users\Horst\Gesicherte Musik           0 bytes
File  C:\Users\Horst\Gesicherte Musik\_avt      512 bytes
File  C:\Users\Horst\Gesicherte Musik\_lit      512 bytes
File  C:\Users\Horst\Gesichertes Dokument       0 bytes
File  C:\Users\Horst\Gesichertes Dokument\_avt  512 bytes
File  C:\Users\Horst\Gesichertes Dokument\_lit  512 bytes
File  C:\Users\Horst\Gesichertes Video          0 bytes
File  C:\Users\Horst\Gesichertes Video\_avt     512 bytes
File  C:\Users\Horst\Gesichertes Video\_lit     512 bytes

---- EOF - GMER 1.0.15 ----

cosinus · 24.03.2011, 10:31

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Psychotic · 24.03.2011, 10:45

Hallo cosinus,

Nein, keine weiteren MBAM-Logs.

cosinus · 24.03.2011, 11:03

Was heißt die "Anmeldung am System wäre unmöglich" genau? Geht da garnichts mehr?

Psychotic · 24.03.2011, 11:16

Zitat:

Zitat von cosinus

Was heißt die "Anmeldung am System wäre unmöglich" genau? Geht da garnichts mehr?

Nach Anmeldung am System erschien sofort das Fenster des Fakers, welches sich ohne den "scan" nciht schließen ließ. Nach abschluß des Scans blockierte die Malware sämtliche Wartungsfunktionen des Systems (z.B. Taskmanager, Systemsteuerung, usw).

Habe es über Umwege geschafft, das System mittels minimal boot in einen Zustand zu versetzten, in dem ich den Dienst des Schädlings stoppen und Firefox öffnen konnte, um MBAM zu laden und zu installieren.

Bei normalem Startvorgang ist also ein arbeiten unmöglich!

Nach dem MBAM-Lauf war das GUI des Schädlings nicht mehr da, anschließend habe ich (nach vom MBAM gefordertem Neustart) die OTL- und Gmer-Logs erstellt.

cosinus · 24.03.2011, 12:07

Dann bitte jetzt CF ausführen. AVG bitte vorher deinstallieren, wenn es geht.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Psychotic · 24.03.2011, 18:50

Code:

ATTFilter

ComboFix 11-03-23.06 - Horst 24.03.2011  18:31:34.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4021.2804 [GMT 1:00]
ausgeführt von:: c:\users\Horst\Desktop\cofi.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\users\Horst\AppData\Roaming\Local
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Horst\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\windows\system32\service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))))))))))))))))))))))))
.
.
2011-03-22 22:31 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2011-03-22 22:31 . 2011-02-19 12:04	1544192	----a-w-	c:\windows\system32\DWrite.dll
2011-03-22 22:31 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-03-22 22:31 . 2011-02-19 06:30	1076736	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-03-22 22:31 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-03-22 22:31 . 2011-01-07 12:17	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-22 22:31 . 2011-01-07 12:17	1465344	----a-w-	c:\windows\system32\XpsPrint.dll
2011-03-22 22:31 . 2011-01-17 11:09	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2011-03-22 22:31 . 2011-01-17 05:47	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2011-03-22 22:31 . 2011-01-07 07:46	870912	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-03-22 22:31 . 2011-01-07 07:46	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-22 22:03 . 2011-03-22 22:03	--------	d-----w-	c:\windows\system32\SPReview
2011-03-22 22:00 . 2010-11-20 13:27	1110016	----a-w-	c:\windows\system32\schedsvc.dll
2011-03-22 21:59 . 2010-11-20 13:34	363392	----a-w-	c:\windows\system32\drivers\volmgrx.sys
2011-03-22 21:58 . 2010-11-20 12:21	189952	----a-w-	c:\windows\SysWow64\wdscore.dll
2011-03-22 21:58 . 2010-11-20 12:17	209920	----a-w-	c:\windows\SysWow64\PkgMgr.exe
2011-03-22 21:58 . 2010-11-20 12:18	323072	----a-w-	c:\windows\SysWow64\drvstore.dll
2011-03-22 21:58 . 2010-11-20 12:18	257024	----a-w-	c:\windows\SysWow64\dpx.dll
2011-03-22 21:58 . 2010-11-20 12:21	363008	----a-w-	c:\windows\SysWow64\wbemcomn.dll
2011-03-22 21:58 . 2010-11-20 12:19	606208	----a-w-	c:\windows\SysWow64\wbem\fastprox.dll
2011-03-22 21:54 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2011-03-22 21:54 . 2010-11-20 13:27	1225216	----a-w-	c:\windows\system32\wbem\wbemcore.dll
2011-03-22 21:54 . 2010-11-20 13:27	524288	----a-w-	c:\windows\system32\wmicmiplugin.dll
2011-03-22 21:54 . 2010-11-20 13:27	933376	----a-w-	c:\windows\system32\SmiEngine.dll
2011-03-22 21:54 . 2010-11-20 13:25	199168	----a-w-	c:\windows\system32\PkgMgr.exe
2011-03-22 21:53 . 2010-11-20 13:26	422912	----a-w-	c:\windows\system32\drvstore.dll
2011-03-22 21:53 . 2010-11-20 13:26	399872	----a-w-	c:\windows\system32\dpx.dll
2011-03-22 21:46 . 2011-03-22 21:47	--------	d-----w-	c:\windows\SysWow64\Adobe
2011-03-22 21:24 . 2011-03-22 21:24	--------	d-----w-	c:\windows\system32\EventProviders
2011-03-22 21:12 . 2011-03-22 21:12	--------	d-----w-	c:\users\Horst\AppData\Local\Secunia PSI
2011-03-22 21:12 . 2011-03-22 21:12	--------	d-----w-	c:\program files (x86)\Secunia
2011-03-22 21:04 . 2011-03-22 21:04	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2011-03-22 20:51 . 2011-03-22 20:51	--------	d-----w-	c:\program files\CCleaner
2011-03-22 16:58 . 2011-03-22 16:58	--------	d-----w-	c:\users\Horst\AppData\Roaming\Malwarebytes
2011-03-22 16:58 . 2010-12-20 17:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-22 16:58 . 2011-03-22 16:58	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-22 16:58 . 2011-03-22 16:58	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-22 16:58 . 2010-12-20 17:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-21 09:02 . 2011-03-21 09:02	--------	d-----w-	c:\program files\iTunes
2011-03-21 09:02 . 2011-03-21 09:02	--------	d-----w-	c:\program files\iPod
2011-03-09 15:46 . 2010-12-23 10:42	1118720	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 15:46 . 2010-12-23 10:42	961024	----a-w-	c:\windows\system32\CPFilters.dll
2011-03-09 15:46 . 2010-12-23 10:42	723968	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 15:46 . 2010-12-23 10:36	259072	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 15:46 . 2010-12-23 05:54	850944	----a-w-	c:\windows\SysWow64\sbe.dll
2011-03-09 15:46 . 2010-12-23 05:54	642048	----a-w-	c:\windows\SysWow64\CPFilters.dll
2011-03-09 15:46 . 2010-12-23 05:54	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-03-09 15:46 . 2010-12-23 05:50	199680	----a-w-	c:\windows\SysWow64\mpg2splt.ax
2011-03-04 12:41 . 2011-03-22 20:40	--------	d-----w-	c:\users\Horst\AppData\Local\Conduit
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-22 22:12 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-03-22 22:12 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-02-02 20:40 . 2010-12-29 13:29	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-01-07 12:14 . 2011-02-11 07:13	46080	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 09:51 . 2011-02-11 07:15	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-01-07 09:20 . 2011-02-11 07:13	366592	----a-w-	c:\windows\system32\atmfd.dll
2011-01-07 07:45 . 2011-02-11 07:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-01-07 06:01 . 2011-02-11 07:15	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-01-07 05:43 . 2011-02-11 07:13	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
2011-01-05 10:34 . 2011-02-11 07:13	612864	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 06:56 . 2011-02-11 07:13	3129344	----a-w-	c:\windows\system32\win32k.sys
2011-01-05 05:55 . 2011-02-11 07:13	428032	----a-w-	c:\windows\SysWow64\vbscript.dll
2010-12-28 19:42 . 2010-12-28 19:42	86016	----a-r-	c:\users\Horst\AppData\Roaming\Microsoft\Installer\{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2010-12-20 274608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-11 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 136176]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2010-03-25 9216]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 05:15]
.
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 05:15]
.
2010-12-21 c:\windows\Tasks\Net4Switch.job
- c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe [2010-12-19 09:11]
.
2011-03-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3017678217-2037610161-3931901014-1001.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-01-28 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-03-22 13:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2117678
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\n4ia1ssw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2117678&SearchSource=13
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{f4e6547e-325b-403c-a3bb-ad29ed37a92f} - (no file)
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-Power2GoExpress - (no file)
Wow6432Node-HKLM-Run-UpdatePSTShortCut - c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3017678217-2037610161-3931901014-1001\Software\Zepter Software\RegLib*b88cad6b\AnyDVD/1]
"1"=dword:4d0e2fca
"2"=dword:4d0e93d7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9o.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9o.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-24  18:43:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-24 17:43
.
Vor Suchlauf: 13 Verzeichnis(se), 88.037.920.768 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 87.595.180.032 Bytes frei
.
- - End Of File - - 94CCD11AA8ED4972B06D539DBA43E1E2

cosinus · 24.03.2011, 18:56

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Psychotic · 26.03.2011, 12:27

Code:

ATTFilter

2011/03/26 12:25:46.0175 2828	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/26 12:25:48.0187 2828	================================================================================
2011/03/26 12:25:48.0187 2828	SystemInfo:
2011/03/26 12:25:48.0187 2828	
2011/03/26 12:25:48.0187 2828	OS Version: 6.1.7601 ServicePack: 1.0
2011/03/26 12:25:48.0187 2828	Product type: Workstation
2011/03/26 12:25:48.0187 2828	ComputerName: HORST-PC
2011/03/26 12:25:48.0187 2828	UserName: Horst
2011/03/26 12:25:48.0187 2828	Windows directory: C:\Windows
2011/03/26 12:25:48.0187 2828	System windows directory: C:\Windows
2011/03/26 12:25:48.0187 2828	Running under WOW64
2011/03/26 12:25:48.0187 2828	Processor architecture: Intel x64
2011/03/26 12:25:48.0187 2828	Number of processors: 8
2011/03/26 12:25:48.0187 2828	Page size: 0x1000
2011/03/26 12:25:48.0187 2828	Boot type: Normal boot
2011/03/26 12:25:48.0187 2828	================================================================================
2011/03/26 12:25:48.0873 2828	Initialize success
2011/03/26 12:25:54.0833 2956	================================================================================
2011/03/26 12:25:54.0833 2956	Scan started
2011/03/26 12:25:54.0833 2956	Mode: Manual; 
2011/03/26 12:25:54.0833 2956	================================================================================
2011/03/26 12:25:55.0691 2956	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/03/26 12:25:55.0753 2956	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/03/26 12:25:55.0815 2956	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/03/26 12:25:55.0878 2956	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/26 12:25:55.0956 2956	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/26 12:25:56.0003 2956	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/26 12:25:56.0159 2956	AFD             (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/03/26 12:25:56.0221 2956	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/03/26 12:25:56.0299 2956	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/03/26 12:25:56.0393 2956	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/03/26 12:25:56.0486 2956	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/26 12:25:56.0673 2956	amdkmdag        (83ce9dbeb00232195c55ca1a71ec4626) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/26 12:25:56.0923 2956	amdkmdap        (ede53a9c875a1fb6281a8d25f56ccd72) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/03/26 12:25:56.0985 2956	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/26 12:25:57.0032 2956	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/03/26 12:25:57.0079 2956	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/26 12:25:57.0110 2956	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/03/26 12:25:57.0188 2956	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/03/26 12:25:57.0329 2956	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/03/26 12:25:57.0375 2956	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/26 12:25:57.0407 2956	AsDsm           (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
2011/03/26 12:25:57.0500 2956	ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
2011/03/26 12:25:57.0594 2956	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/26 12:25:57.0625 2956	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/03/26 12:25:57.0703 2956	athr            (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
2011/03/26 12:25:57.0859 2956	AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys
2011/03/26 12:25:58.0015 2956	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/03/26 12:25:58.0093 2956	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/03/26 12:25:58.0140 2956	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/03/26 12:25:58.0249 2956	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/26 12:25:58.0280 2956	bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/26 12:25:58.0311 2956	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/26 12:25:58.0327 2956	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/26 12:25:58.0374 2956	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/03/26 12:25:58.0421 2956	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/26 12:25:58.0452 2956	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/26 12:25:58.0467 2956	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/26 12:25:58.0514 2956	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/26 12:25:58.0639 2956	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/26 12:25:58.0686 2956	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/03/26 12:25:58.0748 2956	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/26 12:25:58.0811 2956	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/03/26 12:25:58.0873 2956	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/26 12:25:58.0920 2956	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/03/26 12:25:58.0982 2956	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/03/26 12:25:59.0091 2956	CnxtHdAudService (1d6c3f92af23e352875438085f6aedee) C:\Windows\system32\drivers\CHDRT64.sys
2011/03/26 12:25:59.0201 2956	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/26 12:25:59.0247 2956	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/03/26 12:25:59.0341 2956	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/26 12:25:59.0419 2956	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/03/26 12:25:59.0466 2956	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/03/26 12:25:59.0513 2956	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/03/26 12:25:59.0606 2956	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/03/26 12:25:59.0653 2956	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/26 12:25:59.0778 2956	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/03/26 12:25:59.0981 2956	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/26 12:26:00.0027 2956	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/03/26 12:26:00.0090 2956	ETD             (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
2011/03/26 12:26:00.0152 2956	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/03/26 12:26:00.0183 2956	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/03/26 12:26:00.0230 2956	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/26 12:26:00.0261 2956	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/03/26 12:26:00.0293 2956	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/03/26 12:26:00.0355 2956	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/26 12:26:00.0402 2956	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/03/26 12:26:00.0449 2956	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/03/26 12:26:00.0511 2956	fssfltr         (2bf3b36b96d015af666b6aa63ae2e38f) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/03/26 12:26:00.0542 2956	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/26 12:26:00.0605 2956	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/26 12:26:00.0651 2956	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/26 12:26:00.0683 2956	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/26 12:26:00.0761 2956	ghaio           (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2011/03/26 12:26:00.0854 2956	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/26 12:26:00.0917 2956	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/03/26 12:26:00.0963 2956	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/03/26 12:26:01.0026 2956	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/03/26 12:26:01.0057 2956	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/26 12:26:01.0073 2956	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/26 12:26:01.0119 2956	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/26 12:26:01.0182 2956	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/03/26 12:26:01.0244 2956	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/03/26 12:26:01.0291 2956	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/03/26 12:26:01.0353 2956	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/26 12:26:01.0416 2956	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/03/26 12:26:01.0463 2956	iaStor          (2064090c9faad92c090d77e50e735b2e) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/26 12:26:01.0525 2956	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/03/26 12:26:01.0619 2956	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/26 12:26:01.0681 2956	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/03/26 12:26:01.0712 2956	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/26 12:26:01.0759 2956	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/26 12:26:01.0806 2956	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/03/26 12:26:01.0837 2956	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/03/26 12:26:01.0993 2956	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/03/26 12:26:02.0040 2956	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/03/26 12:26:02.0133 2956	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/03/26 12:26:02.0274 2956	JMCR            (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
2011/03/26 12:26:02.0352 2956	JME             (de4b2249d95c7815d06a39ea5ff4ee53) C:\Windows\system32\DRIVERS\JME.sys
2011/03/26 12:26:02.0445 2956	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/03/26 12:26:02.0477 2956	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/03/26 12:26:02.0523 2956	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/03/26 12:26:02.0570 2956	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/26 12:26:02.0617 2956	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/26 12:26:02.0648 2956	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/03/26 12:26:02.0726 2956	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/26 12:26:02.0882 2956	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/26 12:26:02.0913 2956	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/26 12:26:02.0960 2956	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/26 12:26:03.0007 2956	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/26 12:26:03.0069 2956	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/03/26 12:26:03.0132 2956	massfilter      (7aeac0b5b185cb5601673a0462c7ec36) C:\Windows\system32\DRIVERS\massfilter.sys
2011/03/26 12:26:03.0163 2956	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/26 12:26:03.0210 2956	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/26 12:26:03.0241 2956	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/03/26 12:26:03.0272 2956	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/26 12:26:03.0335 2956	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/03/26 12:26:03.0428 2956	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/26 12:26:03.0491 2956	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/03/26 12:26:03.0537 2956	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/03/26 12:26:03.0584 2956	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/26 12:26:03.0631 2956	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/03/26 12:26:03.0678 2956	mrxsmb          (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/26 12:26:03.0725 2956	mrxsmb10        (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/26 12:26:03.0771 2956	mrxsmb20        (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/26 12:26:03.0818 2956	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/03/26 12:26:03.0865 2956	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/03/26 12:26:03.0927 2956	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/03/26 12:26:03.0959 2956	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/26 12:26:04.0005 2956	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/03/26 12:26:04.0068 2956	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/26 12:26:04.0177 2956	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/26 12:26:04.0208 2956	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/03/26 12:26:04.0271 2956	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/03/26 12:26:04.0317 2956	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/03/26 12:26:04.0364 2956	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/03/26 12:26:04.0395 2956	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/26 12:26:04.0442 2956	MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
2011/03/26 12:26:04.0473 2956	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/03/26 12:26:04.0520 2956	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/26 12:26:04.0583 2956	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/03/26 12:26:04.0676 2956	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/26 12:26:04.0707 2956	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/26 12:26:04.0754 2956	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/26 12:26:04.0801 2956	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/26 12:26:04.0863 2956	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/03/26 12:26:04.0926 2956	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/26 12:26:04.0988 2956	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/26 12:26:05.0097 2956	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/26 12:26:05.0222 2956	nmwcdx64        (c9773ef9cbf2877725a45f07396d5da6) C:\Windows\system32\drivers\ccdcmbx64.sys
2011/03/26 12:26:05.0253 2956	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/03/26 12:26:05.0285 2956	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/26 12:26:05.0363 2956	Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/03/26 12:26:05.0456 2956	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/03/26 12:26:05.0534 2956	nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/03/26 12:26:05.0597 2956	nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/03/26 12:26:05.0753 2956	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/03/26 12:26:05.0815 2956	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/03/26 12:26:05.0877 2956	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/03/26 12:26:05.0940 2956	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/03/26 12:26:05.0987 2956	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/03/26 12:26:06.0049 2956	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/03/26 12:26:06.0111 2956	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/26 12:26:06.0143 2956	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/03/26 12:26:06.0174 2956	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/03/26 12:26:06.0299 2956	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/26 12:26:06.0361 2956	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/03/26 12:26:06.0439 2956	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/26 12:26:06.0548 2956	PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/03/26 12:26:06.0657 2956	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/26 12:26:06.0751 2956	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/26 12:26:06.0798 2956	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/26 12:26:06.0845 2956	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/26 12:26:06.0954 2956	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/26 12:26:07.0016 2956	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/26 12:26:07.0063 2956	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/26 12:26:07.0094 2956	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/26 12:26:07.0141 2956	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/26 12:26:07.0188 2956	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/26 12:26:07.0219 2956	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/26 12:26:07.0266 2956	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/26 12:26:07.0297 2956	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/26 12:26:07.0359 2956	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/03/26 12:26:07.0406 2956	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/03/26 12:26:07.0500 2956	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/26 12:26:07.0547 2956	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/03/26 12:26:07.0578 2956	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/26 12:26:07.0625 2956	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
2011/03/26 12:26:07.0734 2956	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/03/26 12:26:07.0827 2956	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/26 12:26:07.0843 2956	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/03/26 12:26:07.0890 2956	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/26 12:26:07.0937 2956	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/03/26 12:26:07.0968 2956	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/26 12:26:07.0983 2956	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/26 12:26:08.0030 2956	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/26 12:26:08.0108 2956	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
2011/03/26 12:26:08.0155 2956	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/26 12:26:08.0186 2956	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/26 12:26:08.0202 2956	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/03/26 12:26:08.0311 2956	SNP2UVC         (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/03/26 12:26:08.0405 2956	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/03/26 12:26:08.0498 2956	srv             (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
2011/03/26 12:26:08.0545 2956	srv2            (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/26 12:26:08.0592 2956	srvnet          (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/26 12:26:08.0639 2956	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/26 12:26:08.0685 2956	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/03/26 12:26:08.0826 2956	Tcpip           (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/03/26 12:26:08.0982 2956	TCPIP6          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/26 12:26:09.0044 2956	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/26 12:26:09.0091 2956	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/03/26 12:26:09.0122 2956	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/03/26 12:26:09.0169 2956	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/26 12:26:09.0200 2956	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/03/26 12:26:09.0325 2956	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/26 12:26:09.0403 2956	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/03/26 12:26:09.0497 2956	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/26 12:26:09.0528 2956	TurboB          (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
2011/03/26 12:26:09.0575 2956	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/26 12:26:09.0621 2956	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/26 12:26:09.0684 2956	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/26 12:26:09.0746 2956	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/03/26 12:26:09.0793 2956	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/26 12:26:09.0855 2956	usbccgp         (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/03/26 12:26:09.0902 2956	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/03/26 12:26:09.0980 2956	usbehci         (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/26 12:26:10.0058 2956	usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/03/26 12:26:10.0121 2956	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/26 12:26:10.0152 2956	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/26 12:26:10.0199 2956	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/26 12:26:10.0261 2956	USBSTOR         (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
2011/03/26 12:26:10.0308 2956	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/26 12:26:10.0355 2956	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/03/26 12:26:10.0448 2956	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/03/26 12:26:10.0511 2956	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/26 12:26:10.0542 2956	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/03/26 12:26:10.0589 2956	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/03/26 12:26:10.0635 2956	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/03/26 12:26:10.0698 2956	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/03/26 12:26:10.0745 2956	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/03/26 12:26:10.0776 2956	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/03/26 12:26:10.0838 2956	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/26 12:26:10.0869 2956	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/03/26 12:26:10.0885 2956	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/03/26 12:26:10.0916 2956	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/26 12:26:10.0963 2956	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/26 12:26:10.0979 2956	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/26 12:26:11.0088 2956	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/26 12:26:11.0119 2956	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/26 12:26:11.0197 2956	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/26 12:26:11.0244 2956	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/03/26 12:26:11.0291 2956	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/26 12:26:11.0400 2956	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/03/26 12:26:11.0447 2956	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/26 12:26:11.0525 2956	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/26 12:26:11.0587 2956	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/03/26 12:26:11.0634 2956	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/26 12:26:11.0696 2956	ZTEusbmdm6k     (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/03/26 12:26:11.0759 2956	ZTEusbnet       (9e74e0d096f8023a68a262a012153182) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
2011/03/26 12:26:11.0805 2956	ZTEusbnmea      (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/03/26 12:26:11.0852 2956	ZTEusbser6k     (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/03/26 12:26:11.0930 2956	ZTEusbvoice     (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
2011/03/26 12:26:12.0008 2956	================================================================================
2011/03/26 12:26:12.0008 2956	Scan finished
2011/03/26 12:26:12.0008 2956	================================================================================
2011/03/26 12:27:34.0376 1756	Deinitialize success

cosinus · 26.03.2011, 19:07

Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Psychotic · 27.03.2011, 20:25

Code:

ATTFilter

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-27 21:19:37
Windows 6.1.7601 Service Pack 1 
Running: htllw6kn.exe


---- Files - GMER 1.0.15 ----

File  C:\ADSM_PData_0150                        0 bytes
File  C:\ADSM_PData_0150\DB                     0 bytes
File  C:\ADSM_PData_0150\DB\SI.db               624 bytes
File  C:\ADSM_PData_0150\DB\UL.db               1040 bytes
File  C:\ADSM_PData_0150\DB\VL.db               6160 bytes
File  C:\ADSM_PData_0150\DB\WAL.db              2048 bytes
File  C:\ADSM_PData_0150\DragWait.exe           315392 bytes executable
File  C:\ADSM_PData_0150\_avt                   512 bytes
File  C:\Users\Horst\Gesicherte Musik           0 bytes
File  C:\Users\Horst\Gesicherte Musik\_avt      512 bytes
File  C:\Users\Horst\Gesicherte Musik\_lit      512 bytes
File  C:\Users\Horst\Gesichertes Dokument       0 bytes
File  C:\Users\Horst\Gesichertes Dokument\_avt  512 bytes
File  C:\Users\Horst\Gesichertes Dokument\_lit  512 bytes
File  C:\Users\Horst\Gesichertes Video          0 bytes
File  C:\Users\Horst\Gesichertes Video\_avt     512 bytes
File  C:\Users\Horst\Gesichertes Video\_lit     512 bytes

---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	ASUSTeK Computer Inc.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		ASUSTeK Computer Inc.
System Product Name:		K52JT
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 193):
  0x02C1E000 \SystemRoot\system32\ntoskrnl.exe
  0x03208000 \SystemRoot\system32\hal.dll
  0x00BB8000 \SystemRoot\system32\kdcom.dll
  0x00C7D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00CCC000 \SystemRoot\system32\PSHED.dll
  0x00CE0000 \SystemRoot\system32\CLFS.SYS
  0x00D3E000 \SystemRoot\system32\CI.dll
  0x00E9C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F40000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F4F000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FA6000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00FAF000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00FB9000 \SystemRoot\system32\drivers\pci.sys
  0x00FEC000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E15000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x00E1E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x00E2A000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E3F000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00FF9000 \SystemRoot\system32\drivers\pciide.sys
  0x00C00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00C10000 \SystemRoot\System32\drivers\mountmgr.sys
  0x0101C000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x01226000 \SystemRoot\system32\drivers\atapi.sys
  0x0122F000 \SystemRoot\system32\drivers\ataport.SYS
  0x01259000 \SystemRoot\system32\drivers\msahci.sys
  0x01264000 \SystemRoot\system32\drivers\amdxata.sys
  0x0126F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x012BB000 \SystemRoot\system32\drivers\fileinfo.sys
  0x012CF000 \SystemRoot\System32\Drivers\AsDsm.sys
  0x01454000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x012DC000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x0133A000 \SystemRoot\System32\Drivers\cng.sys
  0x0141B000 \SystemRoot\System32\drivers\pcw.sys
  0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0164B000 \SystemRoot\system32\drivers\ndis.sys
  0x0173E000 \SystemRoot\system32\drivers\NETIO.SYS
  0x0179E000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01891000 \SystemRoot\System32\drivers\tcpip.sys
  0x01A95000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01ADF000 \SystemRoot\system32\drivers\volsnap.sys
  0x01B2B000 \SystemRoot\System32\Drivers\spldr.sys
  0x01B33000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01B6D000 \SystemRoot\System32\Drivers\mup.sys
  0x01B7F000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01B88000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01BC2000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x040EF000 \SystemRoot\system32\drivers\cdrom.sys
  0x04119000 \SystemRoot\System32\Drivers\Null.SYS
  0x04122000 \SystemRoot\System32\Drivers\Beep.SYS
  0x04129000 \SystemRoot\System32\drivers\vga.sys
  0x04137000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x0415C000 \SystemRoot\System32\drivers\watchdog.sys
  0x0416C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x04175000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x0417E000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x04187000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x04192000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x041A3000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x041C5000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03E00000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03E45000 \SystemRoot\system32\drivers\afd.sys
  0x041D2000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x0183E000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x041DB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x041F1000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x01864000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x01BD8000 \SystemRoot\system32\drivers\termdd.sys
  0x013AC000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x01BEC000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0187F000 \SystemRoot\system32\drivers\mssmbios.sys
  0x017C9000 \SystemRoot\System32\drivers\discache.sys
  0x017D8000 \SystemRoot\System32\Drivers\dfsc.sys
  0x01600000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x01611000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x00C2A000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x04A17000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x04602000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x046F6000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x0473C000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x04760000 \SystemRoot\system32\DRIVERS\HECIx64.sys
  0x04771000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04782000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x05442000 \SystemRoot\system32\DRIVERS\athrx.sys
  0x055CB000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x055D8000 \SystemRoot\system32\DRIVERS\jmcr.sys
  0x05400000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x047D8000 \SystemRoot\system32\DRIVERS\JME.sys
  0x051D1000 \SystemRoot\system32\drivers\i8042prt.sys
  0x052DE000 \SystemRoot\system32\DRIVERS\ETD.sys
  0x05303000 \SystemRoot\system32\drivers\mouclass.sys
  0x05312000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
  0x0531A000 \SystemRoot\system32\drivers\kbdclass.sys
  0x05329000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x05336000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x0533B000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x05351000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
  0x05359000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x05369000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x0537F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x053A3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x053AF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x053DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x05200000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x05221000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x0523B000 \SystemRoot\system32\drivers\swenum.sys
  0x0523D000 \SystemRoot\system32\drivers\ks.sys
  0x05280000 \SystemRoot\system32\drivers\umbus.sys
  0x05CB2000 \SystemRoot\system32\drivers\usbhub.sys
  0x05D0C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05D21000 \SystemRoot\system32\drivers\AtihdW76.sys
  0x05D41000 \SystemRoot\system32\drivers\portcls.sys
  0x05D7E000 \SystemRoot\system32\drivers\drmk.sys
  0x05DA0000 \SystemRoot\system32\drivers\ksthunk.sys
  0x06296000 \SystemRoot\system32\drivers\CHDRT64.sys
  0x000C0000 \SystemRoot\System32\win32k.sys
  0x0634D000 \SystemRoot\System32\drivers\Dxapi.sys
  0x06359000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x03ECE000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x06367000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x0637A000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x06388000 \SystemRoot\system32\drivers\usbccgp.sys
  0x063A5000 \SystemRoot\system32\drivers\USBD.SYS
  0x02C3D000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
  0x02C00000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x02C11000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
  0x00560000 \SystemRoot\System32\TSDDD.dll
  0x006F0000 \SystemRoot\System32\cdd.dll
  0x02C1A000 \SystemRoot\system32\drivers\luafv.sys
  0x063A7000 \SystemRoot\system32\drivers\WudfPf.sys
  0x063C8000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x06200000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x06253000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x06266000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x02DF5000 \SystemRoot\system32\DRIVERS\TurboB.sys
  0x0627E000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
  0x06E4F000 \SystemRoot\system32\drivers\HTTP.sys
  0x06F18000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x06F36000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x06F4E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x06F7B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x06FC8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x06FEC000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
  0x05C00000 \SystemRoot\system32\drivers\peauth.sys
  0x06FF4000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06E00000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x06E31000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x07484000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x074EF000 \SystemRoot\System32\DRIVERS\srv.sys
  0x07588000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x075BE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x776B0000 \Windows\System32\ntdll.dll
  0x47FD0000 \Windows\System32\smss.exe
  0xFF9D0000 \Windows\System32\apisetschema.dll
  0xFF690000 \Windows\System32\autochk.exe
  0xFF7E0000 \Windows\System32\setupapi.dll
  0xFF790000 \Windows\System32\ws2_32.dll
  0xFF660000 \Windows\System32\rpcrt4.dll
  0xFF580000 \Windows\System32\oleaut32.dll
  0xFF500000 \Windows\System32\difxapi.dll
  0xFF3F0000 \Windows\System32\msctf.dll
  0xFF3D0000 \Windows\System32\sechost.dll
  0x775B0000 \Windows\System32\user32.dll
  0xFF360000 \Windows\System32\gdi32.dll
  0x77880000 \Windows\System32\psapi.dll
  0xFF2E0000 \Windows\System32\shlwapi.dll
  0xFF2D0000 \Windows\System32\lpk.dll
  0xFF070000 \Windows\System32\iertutil.dll
  0xFF010000 \Windows\System32\Wldap32.dll
  0xFEFF0000 \Windows\System32\imagehlp.dll
  0x77870000 \Windows\System32\normaliz.dll
  0xFEE70000 \Windows\System32\urlmon.dll
  0x77490000 \Windows\System32\kernel32.dll
  0xFEDD0000 \Windows\System32\clbcatq.dll
  0xFEBC0000 \Windows\System32\ole32.dll
  0xFEB90000 \Windows\System32\imm32.dll
  0xFEAB0000 \Windows\System32\advapi32.dll
  0xFEAA0000 \Windows\System32\nsi.dll
  0xFEA00000 \Windows\System32\msvcrt.dll
  0xFE960000 \Windows\System32\comdlg32.dll
  0xFE830000 \Windows\System32\wininet.dll
  0xFE760000 \Windows\System32\usp10.dll
  0xFD9D0000 \Windows\System32\shell32.dll
  0xFD990000 \Windows\System32\wintrust.dll
  0xFD950000 \Windows\System32\cfgmgr32.dll
  0xFD7E0000 \Windows\System32\crypt32.dll
  0xFD7C0000 \Windows\System32\devobj.dll
  0xFD720000 \Windows\System32\comctl32.dll
  0xFD6B0000 \Windows\System32\KernelBase.dll
  0xFD6A0000 \Windows\System32\msasn1.dll
  0x75640000 \Windows\SysWOW64\normaliz.dll

Processes (total 74):
       0 System Idle Process
       4 System
     348 C:\Windows\System32\smss.exe
     460 csrss.exe
     516 C:\Windows\System32\wininit.exe
     536 csrss.exe
     576 C:\Windows\System32\services.exe
     596 C:\Windows\System32\lsass.exe
     604 C:\Windows\System32\lsm.exe
     704 C:\Windows\System32\svchost.exe
     784 C:\Windows\System32\svchost.exe
     848 C:\Windows\System32\atiesrxx.exe
     892 C:\Windows\System32\winlogon.exe
     932 C:\Windows\System32\svchost.exe
     972 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\atieclxx.exe
    1096 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\FBAgent.exe
    1280 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    1328 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    1376 C:\Windows\System32\spoolsv.exe
    1416 C:\Windows\System32\svchost.exe
    1500 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1564 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1604 C:\Windows\System32\svchost.exe
    1648 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    1672 C:\Windows\System32\lxczcoms.exe
    1740 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1784 C:\Program Files (x86)\Secunia\PSI\psia.exe
    1840 C:\Program Files (x86)\Secunia\PSI\sua.exe
    1872 C:\Windows\System32\svchost.exe
    2020 C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    2440 WmiPrvSE.exe
    2508 C:\Windows\System32\svchost.exe
    2736 C:\Windows\System32\dwm.exe
    2744 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    2764 C:\Windows\explorer.exe
    2796 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2884 WmiPrvSE.exe
    2916 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2992 C:\Windows\AsScrPro.exe
    3060 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    2304 C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
    1532 C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    1984 C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe
    2708 C:\PROGRA~2\Secunia\PSI\psi_tray.exe
    2788 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2616 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2704 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    2672 C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    2504 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    2584 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    2608 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    3084 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
    3092 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    3164 C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    3172 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3276 C:\Windows\System32\SearchIndexer.exe
    3512 C:\Program Files\iPod\bin\iPodService.exe
    3720 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    3768 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    3884 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    1816 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    3456 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    1996 C:\Windows\System32\svchost.exe
    2600 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3296 C:\Windows\System32\svchost.exe
    3340 C:\Windows\System32\dllhost.exe
    2484 dllhost.exe
    2952 dllhost.exe
     568 F:\MBRCheck.exe
     156 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e2008000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000021`fe48d000  (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0003SDM1

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus · 27.03.2011, 21:19

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Psychotic · 27.03.2011, 23:41

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6186

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

28.03.2011 00:31:58
mbam-log-2011-03-28 (00-31-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 353917
Laufzeit: 25 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

SUPERAntiSpyware Scann-Protokoll
http://www.superantispyware.com

Generiert 03/28/2011 bei 00:02 AM

Version der Applikation : 4.50.1002

Version der Kern-Datenbank : 6687
Version der Spur-Datenbank : 4499

Scan Art       : kompletter Scann
Totale Scann-Zeit : 01:23:54

Gescannte Speicherelemente  : 763
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 14436
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 187366
Erfasste Datei-Elemente   : 0

24.03.2011, 10:31	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ __________________

24.03.2011, 10:45	#3
Psychotic /// Malwareteam	Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert Hallo cosinus, Nein, keine weiteren MBAM-Logs. __________________ __________________

24.03.2011, 11:03	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert Was heißt die "Anmeldung am System wäre unmöglich" genau? Geht da garnichts mehr? __________________ Logfiles bitte immer in CODE-Tags posten

24.03.2011, 18:56	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html __________________ Logfiles bitte immer in CODE-Tags posten

27.03.2011, 21:19	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert

Plagegeister aller Art und deren Bekämpfung: Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert