Mozilla und IE (Vista) leiten mich bei Google-Such-Ergebnisse auf falsche Seiten

plinken · 01.04.2011, 19:55

Hi,
OTL durchgeführt,folgendes Ergebniss:
Hoffe hilft dir weiter...
MfG
plinken

cosinus · 02.04.2011, 13:22

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

plinken · 03.04.2011, 08:17

Hi,
also folgendes Ergebniss:

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-04-02.03 - Mirko 03.04.2011   8:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1283 [GMT 2:00]
ausgeführt von:: c:\users\Mirko\Desktop\Cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\drivers\gxvxcjeylrwriurjhietxstmpawypxtbeodiu.sys
c:\windows\system32\gxvxccount
c:\windows\System32\gxvxcdkmxecirgqivqcoiuethwxujpnvyqbfc.dll
c:\windows\System32\gxvxcoiypxuuesoesnevypvywmtsgqisnbffa.dll
c:\windows\system32\setup.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gxvxcserv.sys
-------\Service_gxvxcserv.sys
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-03 bis 2011-04-03  ))))))))))))))))))))))))))))))
.
.
2011-04-03 06:58 . 2011-04-03 06:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-01 18:43 . 2011-04-01 18:43	--------	d-----w-	C:\_OTL
2011-04-01 17:44 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7E3CCB6-5BED-46BA-AC25-5170850A3CE0}\mpengine.dll
2011-03-28 19:12 . 2011-03-28 19:12	--------	d-----w-	c:\users\Mirko\AppData\Roaming\Malwarebytes
2011-03-28 18:12 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 18:12 . 2011-03-28 18:12	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-28 18:12 . 2011-03-29 20:27	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-03-28 18:12 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-24 16:38 . 2011-03-24 16:39	--------	d-----w-	c:\programdata\WinZip
2011-03-24 15:26 . 2011-03-24 15:26	--------	d-----w-	c:\program files\ERUNT
2011-03-23 21:26 . 2011-03-23 21:26	--------	d-----w-	c:\program files\CCleaner
2011-03-23 06:42 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-23 06:42 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-03-23 06:42 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-03-13 11:16 . 2011-03-14 13:42	365461	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
2011-03-09 19:58 . 2010-12-29 18:28	322560	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 19:58 . 2010-12-29 18:28	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-09 19:58 . 2010-12-29 18:28	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 19:58 . 2010-12-29 18:26	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 19:58 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 19:58 . 2010-12-17 13:54	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-03-08 20:19 . 2011-03-08 20:19	--------	d-----w-	c:\program files\Common Files\Java
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 21:18 . 2009-03-27 00:20	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-10 18:00 . 2011-02-10 18:00	1409	----a-w-	c:\windows\QTFont.for
2011-02-02 20:40 . 2010-04-24 06:10	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-02 21:33	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-10 17:55	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 17:55	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 17:55	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 17:55	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-10 17:55	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 17:55	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-10 17:55	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 17:55	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 17:55	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 17:55	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 17:55	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 17:55	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 17:55	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 17:55	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 17:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 17:55	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 17:55	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 17:55	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 17:55	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 17:55	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 17:55	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 17:55	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 17:55	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 17:55	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 17:55	683008	----a-w-	c:\windows\system32\d2d1.dll
2011-01-10 13:23 . 2009-03-27 00:20	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-01-08 08:47 . 2011-02-10 17:55	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 17:55	292352	----a-w-	c:\windows\system32\atmfd.dll
2011-03-18 17:56 . 2011-03-25 07:12	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Anleitung.exe [2011-3-14 365461]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2007-02-02 15:26	283136	----a-w-	c:\program files\avmwlanstick\FRITZWLANMini.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-09-14 17:55	26112	----a-w-	c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"SmpcSys"=c:\program files\Packard Bell\SetupmyPC\SmpSys.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"toolbar_eula_launcher"=c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-25 4352]
R3 DGrabTerratec;Cameo Grabster 200;c:\windows\system32\Drivers\CsMini20.sys [2003-04-22 46248]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
R3 TerratecScan;TerraTec Still Image;c:\windows\system32\Drivers\cresscan.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 AVHybrid;AVHybrid service;c:\windows\system32\DRIVERS\AVHybrid.sys [2006-05-16 891776]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-08 113664]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-03 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21 16:47]
.
2011-04-03 c:\windows\Tasks\Erweiterte Garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2009-03-26 16:38]
.
2011-04-03 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2009-03-26 16:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\stgh4yfd.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2588)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-03  09:07:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-03 07:07
.
Vor Suchlauf: 22 Verzeichnis(se), 240.077.090.816 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 240.390.635.520 Bytes frei
.
- - End Of File - - 12EB5D18820B377650828B0BC6D19FD2

--- --- ---

Hoffe du kannst was damit anfangen,ich versteh nur Bahnhof ... ;-(
Gruß
Mirko

cosinus · 03.04.2011, 14:14

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

plinken · 03.04.2011, 14:58

Hi Arne,
folgendes Ergebniss...

2011/04/03 15:54:12.0636 2772 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 15:54:12.0667 2772 ================================================================================
2011/04/03 15:54:12.0667 2772 SystemInfo:
2011/04/03 15:54:12.0667 2772
2011/04/03 15:54:12.0667 2772 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/03 15:54:12.0667 2772 Product type: Workstation
2011/04/03 15:54:12.0667 2772 ComputerName: MIRKO-PC
2011/04/03 15:54:12.0667 2772 UserName: Mirko
2011/04/03 15:54:12.0667 2772 Windows directory: C:\Windows
2011/04/03 15:54:12.0667 2772 System windows directory: C:\Windows
2011/04/03 15:54:12.0667 2772 Processor architecture: Intel x86
2011/04/03 15:54:12.0667 2772 Number of processors: 2
2011/04/03 15:54:12.0667 2772 Page size: 0x1000
2011/04/03 15:54:12.0667 2772 Boot type: Normal boot
2011/04/03 15:54:12.0667 2772 ================================================================================
2011/04/03 15:54:12.0932 2772 Initialize success
2011/04/03 15:54:15.0662 3672 ================================================================================
2011/04/03 15:54:15.0662 3672 Scan started
2011/04/03 15:54:15.0662 3672 Mode: Manual;
2011/04/03 15:54:15.0662 3672 ================================================================================
2011/04/03 15:54:16.0770 3672 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/04/03 15:54:16.0879 3672 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/03 15:54:17.0206 3672 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/03 15:54:17.0378 3672 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/03 15:54:17.0440 3672 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/03 15:54:17.0518 3672 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/03 15:54:17.0581 3672 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/03 15:54:17.0674 3672 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/03 15:54:17.0768 3672 aliide (c20f9bce0956a7e3deaa6848ee1f1682) C:\Windows\system32\drivers\aliide.sys
2011/04/03 15:54:17.0815 3672 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/03 15:54:17.0846 3672 amdide (bee39c63d6259f795d110fe89fd9f056) C:\Windows\system32\drivers\amdide.sys
2011/04/03 15:54:17.0893 3672 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/03 15:54:17.0924 3672 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/03 15:54:17.0986 3672 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/03 15:54:18.0002 3672 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/03 15:54:18.0111 3672 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/03 15:54:18.0205 3672 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/03 15:54:18.0392 3672 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/04/03 15:54:18.0486 3672 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/03 15:54:18.0626 3672 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/03 15:54:18.0673 3672 AVHybrid (ea36eb6a573871148095b6ad87941195) C:\Windows\system32\DRIVERS\AVHybrid.sys
2011/04/03 15:54:18.0782 3672 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/03 15:54:18.0985 3672 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
2011/04/03 15:54:19.0032 3672 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/03 15:54:19.0094 3672 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/03 15:54:19.0156 3672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/03 15:54:19.0172 3672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/03 15:54:19.0234 3672 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/03 15:54:19.0281 3672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/03 15:54:19.0312 3672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/03 15:54:19.0328 3672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/03 15:54:19.0359 3672 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/03 15:54:19.0422 3672 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/03 15:54:19.0453 3672 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/03 15:54:19.0531 3672 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/03 15:54:19.0578 3672 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/03 15:54:19.0656 3672 cmdide (4fdf23b1124b36c2cfd0f675f950ae1b) C:\Windows\system32\drivers\cmdide.sys
2011/04/03 15:54:19.0687 3672 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2011/04/03 15:54:19.0718 3672 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/03 15:54:19.0734 3672 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/03 15:54:19.0780 3672 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/03 15:54:19.0843 3672 DGrabTerratec (a0149157470717deab36d8c08a1bd2d8) C:\Windows\system32\Drivers\CsMini20.sys
2011/04/03 15:54:19.0874 3672 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/03 15:54:19.0936 3672 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/03 15:54:19.0999 3672 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/03 15:54:20.0061 3672 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/03 15:54:20.0170 3672 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/03 15:54:20.0264 3672 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/03 15:54:20.0404 3672 ewusbnet (4b36d96340200512c7974307d0f7d8b3) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/04/03 15:54:20.0436 3672 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/03 15:54:20.0482 3672 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/03 15:54:20.0514 3672 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/03 15:54:20.0560 3672 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/03 15:54:20.0607 3672 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/03 15:54:20.0654 3672 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/03 15:54:20.0701 3672 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/03 15:54:20.0763 3672 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/03 15:54:20.0810 3672 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/04/03 15:54:20.0841 3672 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/03 15:54:20.0872 3672 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/04/03 15:54:20.0919 3672 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/04/03 15:54:20.0966 3672 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/03 15:54:21.0013 3672 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/03 15:54:21.0075 3672 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/03 15:54:21.0138 3672 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/03 15:54:21.0216 3672 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/03 15:54:21.0247 3672 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/03 15:54:21.0309 3672 hwdatacard (1fc7a63148e4f2bd831dab0dc732026d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/03 15:54:21.0387 3672 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/04/03 15:54:21.0465 3672 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/03 15:54:21.0512 3672 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/03 15:54:21.0559 3672 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/03 15:54:21.0606 3672 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/03 15:54:21.0668 3672 intelide (c87b3428607ef44068df98a8d1904785) C:\Windows\system32\drivers\intelide.sys
2011/04/03 15:54:21.0699 3672 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/03 15:54:21.0762 3672 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/03 15:54:21.0840 3672 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/03 15:54:21.0918 3672 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/03 15:54:21.0996 3672 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/03 15:54:22.0042 3672 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/03 15:54:22.0245 3672 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/03 15:54:22.0323 3672 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/03 15:54:22.0370 3672 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/03 15:54:22.0401 3672 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/03 15:54:22.0479 3672 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/03 15:54:22.0542 3672 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/03 15:54:22.0635 3672 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/03 15:54:22.0744 3672 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/03 15:54:22.0807 3672 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/03 15:54:22.0838 3672 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/03 15:54:22.0885 3672 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/03 15:54:23.0010 3672 LVCap138 (66c56a36f0dc35ba14ffb3edfb7bca17) C:\Windows\system32\DRIVERS\tvcap.sys
2011/04/03 15:54:23.0119 3672 lvtuner (fcaf5b1b8fc324a153580df00ad578d3) C:\Windows\system32\DRIVERS\tvtuner.sys
2011/04/03 15:54:23.0166 3672 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/03 15:54:23.0244 3672 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/03 15:54:23.0384 3672 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/03 15:54:23.0462 3672 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/03 15:54:23.0556 3672 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/03 15:54:23.0649 3672 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/03 15:54:23.0696 3672 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/03 15:54:23.0743 3672 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/03 15:54:23.0821 3672 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/03 15:54:23.0883 3672 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/03 15:54:23.0946 3672 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/03 15:54:23.0992 3672 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/03 15:54:24.0055 3672 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/03 15:54:24.0102 3672 msahci (a7df0c3adb40919f91b2917fbe07a370) C:\Windows\system32\drivers\msahci.sys
2011/04/03 15:54:24.0133 3672 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/03 15:54:24.0211 3672 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/04/03 15:54:24.0289 3672 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/03 15:54:24.0320 3672 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/03 15:54:24.0367 3672 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/03 15:54:24.0398 3672 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/03 15:54:24.0429 3672 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/03 15:54:24.0507 3672 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/03 15:54:24.0585 3672 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/03 15:54:24.0632 3672 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/03 15:54:24.0663 3672 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/03 15:54:24.0741 3672 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/03 15:54:24.0788 3672 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/03 15:54:24.0835 3672 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/03 15:54:24.0866 3672 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/03 15:54:24.0944 3672 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/03 15:54:25.0038 3672 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/03 15:54:25.0069 3672 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/03 15:54:25.0116 3672 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/03 15:54:25.0194 3672 netr73 (c9afe484b3645da74fd459f45e4f756f) C:\Windows\system32\DRIVERS\netr73.sys
2011/04/03 15:54:25.0256 3672 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/03 15:54:25.0334 3672 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/03 15:54:25.0412 3672 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/03 15:54:25.0490 3672 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/03 15:54:25.0584 3672 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/03 15:54:25.0615 3672 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/03 15:54:25.0896 3672 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/03 15:54:26.0176 3672 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/03 15:54:26.0208 3672 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/03 15:54:26.0239 3672 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/03 15:54:26.0348 3672 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/03 15:54:26.0410 3672 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\Windows\system32\Drivers\ov519vid.sys
2011/04/03 15:54:26.0457 3672 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/03 15:54:26.0504 3672 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/03 15:54:26.0551 3672 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/03 15:54:26.0598 3672 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/04/03 15:54:26.0644 3672 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/03 15:54:26.0722 3672 pciide (6889e46da655916e493537032d7ef095) C:\Windows\system32\drivers\pciide.sys
2011/04/03 15:54:26.0769 3672 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/03 15:54:26.0832 3672 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/03 15:54:26.0941 3672 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/03 15:54:26.0972 3672 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/03 15:54:27.0034 3672 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/03 15:54:27.0050 3672 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/03 15:54:27.0128 3672 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/03 15:54:27.0222 3672 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/03 15:54:27.0300 3672 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/03 15:54:27.0378 3672 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/03 15:54:27.0424 3672 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/03 15:54:27.0502 3672 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/03 15:54:27.0549 3672 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/03 15:54:27.0596 3672 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/03 15:54:27.0643 3672 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/03 15:54:27.0736 3672 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/03 15:54:27.0768 3672 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/03 15:54:27.0814 3672 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/03 15:54:27.0892 3672 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/03 15:54:27.0924 3672 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/04/03 15:54:27.0986 3672 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/03 15:54:28.0017 3672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/03 15:54:28.0080 3672 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/03 15:54:28.0111 3672 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/03 15:54:28.0158 3672 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/03 15:54:28.0251 3672 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/03 15:54:28.0282 3672 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/03 15:54:28.0314 3672 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/03 15:54:28.0345 3672 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/03 15:54:28.0438 3672 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/03 15:54:28.0470 3672 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/03 15:54:28.0532 3672 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/03 15:54:28.0594 3672 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/03 15:54:28.0657 3672 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/03 15:54:28.0735 3672 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/03 15:54:28.0813 3672 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/03 15:54:28.0891 3672 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/03 15:54:28.0969 3672 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/03 15:54:29.0016 3672 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/03 15:54:29.0109 3672 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/03 15:54:29.0172 3672 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/03 15:54:29.0234 3672 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/03 15:54:29.0296 3672 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/03 15:54:29.0359 3672 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/03 15:54:29.0421 3672 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/03 15:54:29.0468 3672 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/03 15:54:29.0515 3672 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/03 15:54:29.0546 3672 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/03 15:54:29.0640 3672 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/03 15:54:29.0733 3672 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/03 15:54:29.0780 3672 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/03 15:54:29.0842 3672 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/03 15:54:29.0905 3672 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/03 15:54:30.0014 3672 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/03 15:54:30.0076 3672 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/03 15:54:30.0123 3672 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/03 15:54:30.0170 3672 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/03 15:54:30.0217 3672 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/03 15:54:30.0279 3672 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/03 15:54:30.0373 3672 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/03 15:54:30.0420 3672 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/03 15:54:30.0451 3672 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/03 15:54:30.0513 3672 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/03 15:54:30.0544 3672 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/03 15:54:30.0576 3672 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/03 15:54:30.0607 3672 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/03 15:54:30.0669 3672 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/03 15:54:30.0716 3672 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/03 15:54:30.0763 3672 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/03 15:54:30.0810 3672 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/03 15:54:30.0841 3672 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/03 15:54:30.0903 3672 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/03 15:54:30.0950 3672 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/03 15:54:30.0997 3672 videX32 (4cc623591204acd5fc89bd0dad70e838) C:\Windows\system32\DRIVERS\videX32.sys
2011/04/03 15:54:31.0028 3672 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/03 15:54:31.0090 3672 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/03 15:54:31.0137 3672 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/03 15:54:31.0168 3672 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/03 15:54:31.0215 3672 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/03 15:54:31.0262 3672 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 15:54:31.0278 3672 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 15:54:31.0340 3672 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/03 15:54:31.0418 3672 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/03 15:54:31.0590 3672 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/03 15:54:31.0652 3672 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/03 15:54:31.0699 3672 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/03 15:54:31.0761 3672 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/03 15:54:31.0808 3672 xfilt (a1b2b0211441f9c822f8cbc0c2d1b41e) C:\Windows\system32\DRIVERS\xfilt.sys
2011/04/03 15:54:31.0902 3672 ================================================================================
2011/04/03 15:54:31.0902 3672 Scan finished
2011/04/03 15:54:31.0902 3672 ================================================================================

MfG
Mirko

cosinus · 03.04.2011, 15:44

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

plinken · 03.04.2011, 16:42

Hi Arne...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Packard Bell BV
System Product Name: OEM
Logical Drives Mask: 0x000020c4

Kernel Drivers (total 148):
0x82A42000 \SystemRoot\system32\ntkrnlpa.exe
0x82A0F000 \SystemRoot\system32\hal.dll
0x8060F000 \SystemRoot\system32\kdcom.dll
0x80616000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80686000 \SystemRoot\system32\PSHED.dll
0x80697000 \SystemRoot\system32\BOOTVID.dll
0x8069F000 \SystemRoot\system32\CLFS.SYS
0x806E0000 \SystemRoot\system32\CI.dll
0x83400000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8347C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83489000 \SystemRoot\system32\drivers\acpi.sys
0x834CF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x834D8000 \SystemRoot\system32\drivers\msisadrv.sys
0x834E0000 \SystemRoot\system32\drivers\pci.sys
0x83507000 \SystemRoot\System32\drivers\partmgr.sys
0x83516000 \SystemRoot\system32\drivers\volmgr.sys
0x83525000 \SystemRoot\System32\drivers\volmgrx.sys
0x8356F000 \SystemRoot\system32\drivers\viaide.sys
0x83577000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x83585000 \SystemRoot\system32\DRIVERS\videX32.sys
0x8358D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8359D000 \SystemRoot\system32\drivers\atapi.sys
0x835A5000 \SystemRoot\system32\drivers\ataport.SYS
0x835C3000 \SystemRoot\system32\drivers\fltmgr.sys
0x807C0000 \SystemRoot\system32\drivers\fileinfo.sys
0x835F5000 \SystemRoot\system32\DRIVERS\xfilt.sys
0x807D0000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83603000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83674000 \SystemRoot\system32\drivers\ndis.sys
0x8377F000 \SystemRoot\system32\drivers\msrpc.sys
0x837AA000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A0C000 \SystemRoot\System32\drivers\tcpip.sys
0x88AF6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D19000 \SystemRoot\system32\drivers\volsnap.sys
0x88D52000 \SystemRoot\system32\DRIVERS\uagp35.sys
0x88D63000 \SystemRoot\System32\Drivers\spldr.sys
0x88D6B000 \SystemRoot\System32\Drivers\mup.sys
0x88D7A000 \SystemRoot\System32\drivers\ecache.sys
0x88DA1000 \SystemRoot\system32\drivers\disk.sys
0x88DB2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88DD3000 \SystemRoot\system32\drivers\crcdisk.sys
0x88B11000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88B1C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CA0F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D517000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D519000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D5B9000 \SystemRoot\System32\drivers\watchdog.sys
0x8D5C5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D5DD000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8D5E4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x88B2B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D5EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88B69000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88B7C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88B87000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x88B96000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x88BA6000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D605000 \SystemRoot\system32\DRIVERS\AVHybrid.sys
0x8D6DF000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D709000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x8D70C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D799000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x88BB4000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D7C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D7D3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D7EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x837E5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8DA04000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8DA18000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8DA2D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DA3D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8DA3F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8DA49000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8DA56000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8DA8B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DA9C000 \SystemRoot\system32\drivers\HdAudio.sys
0x8DADB000 \SystemRoot\system32\drivers\portcls.sys
0x8DB08000 \SystemRoot\system32\drivers\drmk.sys
0x8DB2D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8DB36000 \SystemRoot\System32\Drivers\Null.SYS
0x8DB3D000 \SystemRoot\System32\Drivers\Beep.SYS
0x8DB4D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8DB54000 \SystemRoot\System32\drivers\vga.sys
0x8DB60000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8DB81000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8DB89000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DB91000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DB9C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DBAA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DBB3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DBC9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DC0E000 \SystemRoot\system32\drivers\afd.sys
0x8DC56000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DC88000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DC9E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DCAC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DCBF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8DCC5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DD01000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DD0B000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DD22000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8DD48000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8DD4A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DD57000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DD62000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8DD6A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8DD81000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8DD83000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0x8DD9D000 \SystemRoot\system32\drivers\modem.sys
0x8DDAA000 \SystemRoot\system32\DRIVERS\ewusbnet.sys
0x8DDC9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x96880000 \SystemRoot\System32\win32k.sys
0x8DDDE000 \SystemRoot\System32\drivers\Dxapi.sys
0x99205000 \SystemRoot\System32\Drivers\ov519vid.sys
0x9922E000 \SystemRoot\System32\Drivers\STREAM.SYS
0x9923B000 \SystemRoot\System32\Drivers\ov519cmd.sys
0x99241000 \SystemRoot\system32\drivers\usbaudio.sys
0x99253000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96AA0000 \SystemRoot\System32\TSDDD.dll
0x96AC0000 \SystemRoot\System32\cdd.dll
0x99262000 \SystemRoot\system32\drivers\luafv.sys
0x9927D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9929A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x992AA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x992D4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x992DE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x992F1000 \SystemRoot\system32\drivers\HTTP.sys
0x9CC09000 \SystemRoot\system32\drivers\spsys.sys
0x9CCB9000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9CCCF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9CCEC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9CD05000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9CD1A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9CD39000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9CD72000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CD8A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CDB2000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F406000 \SystemRoot\system32\drivers\peauth.sys
0x9F4E4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F4EE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F4FA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9F50F000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9F535000 \??\C:\Users\Mirko\AppData\Local\Temp\ugdoypoc.sys
0x777E0000 \Windows\System32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
556 csrss.exe
616 C:\Windows\System32\wininit.exe
624 csrss.exe
660 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
796 C:\Windows\System32\winlogon.exe
860 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\nvvsvc.exe
956 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\audiodg.exe
1288 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\SLsvc.exe
1340 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\nvvsvc.exe
1532 C:\Windows\System32\svchost.exe
1756 C:\Windows\System32\spoolsv.exe
1816 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1828 C:\Windows\System32\svchost.exe
564 C:\Windows\System32\taskeng.exe
940 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1360 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
1952 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2124 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
2192 C:\Windows\System32\dwm.exe
2220 C:\Windows\explorer.exe
2264 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2428 C:\Windows\System32\taskeng.exe
2524 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2572 C:\Windows\System32\svchost.exe
2608 C:\Windows\System32\svchost.exe
2664 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2704 C:\Windows\System32\SearchIndexer.exe
2852 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2968 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3096 WUDFHost.exe
3424 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3444 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
3552 C:\Windows\System32\mobsync.exe
3788 C:\Windows\System32\svchost.exe
1284 C:\Program Files\Windows Media Player\wmpnscfg.exe
892 C:\Program Files\Windows Media Player\wmpnetwk.exe
248 C:\Program Files\Mobile Partner\Mobile Partner.exe
3776 C:\Program Files\Mozilla Firefox\firefox.exe
3016 C:\Users\Mirko\Desktop\osam_autorun_manager_5_0_portable\osam.exe
2080 C:\Windows\System32\SearchProtocolHost.exe
472 C:\Windows\System32\SearchFilterHost.exe
3084 C:\Users\Mirko\Desktop\MBRCheck.exe
3848 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`00100000 (NTFS)

PhysicalDrive0 Model Number: ST3500830AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

MfG
Mirko

plinken · 03.04.2011, 16:43

Hab noch was vergessen...
OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 17:39:42 on 03.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Erweiterte Garantie.job" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"Recovery DVD Creator.job" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
"prefscpl.cpl" - "RealNetworks, Inc." - C:\Windows\system32\prefscpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\Windows\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Cofi\catchme.sys  (File not found)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\Drivers\GEARAspiWDM.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SANDRA" (SANDRA) - ? - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys  (File not found)
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHDA.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TerraTec Still Image" (TerratecScan) - ? - C:\Windows\System32\Drivers\cresscan.sys  (File not found)
"ugdoypoc" (ugdoypoc) - ? - C:\Users\Mirko\AppData\Local\Temp\ugdoypoc.sys  (Hidden registry entry, rootkit activity | File not found)
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\Windows\System32\erasext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{79E0C1C0-316D-11D5-A72A-006097BFA1AC} "EPSON Web Printer-SelfTest Control Class" - ? - C:\Windows\system32\Epson\EST\ESTPTest\ESTPTest.ocx / hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238606493000
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Anleitung.exe" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\Windows\System32\TuneUpDefragService.exe
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - ? - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe  (File not found)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-03 17:29:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500830AS rev.3.AAD
Running: gbjnlf2l.exe; Driver: C:\Users\Mirko\AppData\Local\Temp\ugdoypoc.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74737817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7478A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [7473BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [7472F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [747375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7472E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74768395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [7473DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [7472FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7472FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [747271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [747BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [7475C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [7472D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74726853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7472687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2220] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [74732AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus · 03.04.2011, 17:06

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

plinken · 05.04.2011, 13:20

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 04/05/2011 at 09:51 AM

Application Version : 4.50.1002

Core Rules Database Version : 6754
Trace Rules Database Version: 4566

Scan type : Complete Scan
Total Scan Time : 01:27:33

Memory items scanned : 666
Memory threats detected : 0
Registry items scanned : 9398
Registry threats detected : 0
File items scanned : 122138
File threats detected : 1

Trojan.Agent/Gen-FakeAV
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

plinken · 05.04.2011, 13:21

Malwarebytes' Anti-Malware 1.50
Malwarebytes

Datenbank Version: 6273

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

05.04.2011 10:57:13
mbam-log-2011-04-05 (10-57-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 273975
Laufzeit: 57 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 05.04.2011, 14:33

Nur ein Fehlalarm. Rechner wieder ok?

plinken · 05.04.2011, 14:41

Hi Arne,
es scheint als klappt es wieder...Mal sehen wie lange;-)
Erstmal besten dank für deine Hilfe,war echt super!!!!Werde dies Board auf jedenfall witerempfehlen...
Bis dahin
Gruß Mirko

cosinus · 05.04.2011, 14:59

Dann wären wir durch!

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

03.04.2011, 14:14	#19
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Mozilla und IE (Vista) leiten mich bei Google-Such-Ergebnisse auf falsche Seiten Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html __________________ Logfiles bitte immer in CODE-Tags posten

03.04.2011, 17:06	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Mozilla und IE (Vista) leiten mich bei Google-Such-Ergebnisse auf falsche Seiten Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

05.04.2011, 14:33	#27
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Mozilla und IE (Vista) leiten mich bei Google-Such-Ergebnisse auf falsche Seiten Nur ein Fehlalarm. Rechner wieder ok? __________________ Logfiles bitte immer in CODE-Tags posten

Mozilla und IE (Vista) leiten mich bei Google-Such-Ergebnisse auf falsche Seiten

Log-Analyse und Auswertung: Mozilla und IE (Vista) leiten mich bei Google-Such-Ergebnisse auf falsche Seiten