TR/Kazy.mekml.1 - eigene Behebung über Malwarebytes ausreichend?

Davidov · 21.04.2011, 19:30

Hey ihr gelben Engel dieses Boards! Tolle Arbeit, die ihr hier macht.

Zu meinem Problem: Auch ich habe heute Mittag mir diesen Trojaner TR/Kazy.mekml.1 eingefangen. Ich hab an sich kaum Ahnung von dem ganzen Kram, aber nach allem, was ich dazu gelesen haben, vermute ich mal, dass ich mir den über Drive-by-Download eingefangen habe.
Mein PC hatte die typischen Symptome: gefakte Festplattenschadensmeldungen, Verschwinden der Datein etc.

Ich habe dann versucht, das Problem selbstständig zu lösen. Dazu habe ich Malwarebytes drüberlaufen lassen, der dann auch ein paar Infektionen beseitigt hat (siehe Anhang). Die Dateien habe ich dann wieder sichtbar gemacht über unhide. Jetzt ist scheinbar wieder alles in Ordnung und wie gehabt.
Mir ist aber klar, dass ich das Problem eventuell nur vodergründig gelöst habe und im Hintergrund irgendwo noch Malware sitzt.
Kann man das einschätzen, wenn man weiß, was für eine Infektion der PC genau hatte? Generell scheinen ja v.a. rootkits oder spyeyes gefährlich zu sein.

Meine Bitte an euch: Könnt ihr euch meine OTL logs nach der Bereinigung und den mbam log mal anschauen und beurteilen, ob ich mich jetzt entspannt zurücklehnen kann? Bzw. kann man das überhaupt daran beurteilen?

Btw: Ich weiß, dass ich meinen PC dringend häufiger updaten muss und sorgfältiger mit AV-Software arbeiten sollte. So soll es in Zukunft sein.

Vielen Dank!

cosinus · 21.04.2011, 20:48

Zitat:

Art des Suchlaufs: Quick-Scan

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Davidov · 22.04.2011, 00:07

Ok, hab jetzt nochmal den Vollscan gemacht. Dabei kam eine beunruhigende Nachricht von AntiVir:

In der Datei 'C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE6JGFCM\info[1].exe'
wurde ein Virus oder unerwünschtes Programm 'BDS/Gbot.aida' [backdoor] gefunden.
Ausgeführte Aktion: Datei in Quarantäne verschieben

Backdoor-Trojaner klingt ja erstmal übel.

Der Malwarebytes output:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22.04.2011 00:49:22
mbam-log-2011-04-22 (00-49-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 368180
Laufzeit: 1 Stunde(n), 53 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\users\david\appdata\local\microsoft\windows\temporary internet files\content.ie5\ae6jgfcm\info[1].exe (Trojan.Agent) -> No action taken.
c:\Users\David\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\IOPF8722\readme[1].exe (Trojan.FakeAlert) -> No action taken.

Das klingt ja irgendwie weniger schlimm, oder?

Im Anhang dazu noch die aktuellen OTL logs sowie den alten Malwarebytes log.

Wie steht's um meinem PC?

Vielen Dank für die Hilfe!

cosinus · 22.04.2011, 12:08

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-2627423829-1689197487-3328371932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2627423829-1689197487-3328371932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2627423829-1689197487-3328371932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54949
O4 - HKU\S-1-5-21-2627423829-1689197487-3328371932-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-2627423829-1689197487-3328371932-1000..\Run: [conhost]  File not found
[2011.04.21 15:05:02 | 000,000,000 | -H-D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.21 15:01:15 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 15:05:11 | 000,000,585 | -H-- | M] () -- C:\Users\David\Desktop\Windows Recovery.lnk
[2011.04.21 15:05:05 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~38788872
[2011.04.21 15:05:05 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~38788872r
[2011.04.21 15:04:18 | 000,000,328 | -H-- | M] () -- C:\ProgramData\38788872
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Davidov · 22.04.2011, 18:30

Ok, hier der OTL output nach dem Fix:

All processes killed
========== OTL ==========
HKU\S-1-5-21-2627423829-1689197487-3328371932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2627423829-1689197487-3328371932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2627423829-1689197487-3328371932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2627423829-1689197487-3328371932-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2627423829-1689197487-3328371932-1000\Software\Microsoft\Windows\CurrentVersion\Run\\conhost deleted successfully.
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully.
File C:\ProgramData\MRtPNAFMRSnT.exe not found.
File C:\Users\David\Desktop\Windows Recovery.lnk not found.
C:\ProgramData\~38788872 moved successfully.
C:\ProgramData\~38788872r moved successfully.
C:\ProgramData\38788872 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 2500191509 bytes
->Temporary Internet Files folder emptied: 69355096 bytes
->Java cache emptied: 97341968 bytes
->FireFox cache emptied: 43404115 bytes
->Google Chrome cache emptied: 258636902 bytes
->Flash cache emptied: 80021 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91239163 bytes
RecycleBin emptied: 69183010 bytes

Total Files Cleaned = 2.984,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_192100

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Bin ich damit durch oder besteht noch Gefahr?

cosinus · 23.04.2011, 15:02

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Davidov · 23.04.2011, 15:31

Ok, hier das Log:

2011/04/23 16:18:40.0309 1220 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/23 16:18:40.0512 1220 ================================================================================
2011/04/23 16:18:40.0512 1220 SystemInfo:
2011/04/23 16:18:40.0512 1220
2011/04/23 16:18:40.0512 1220 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/23 16:18:40.0512 1220 Product type: Workstation
2011/04/23 16:18:40.0512 1220 ComputerName: DAVID-PC
2011/04/23 16:18:40.0512 1220 UserName: David
2011/04/23 16:18:40.0512 1220 Windows directory: C:\Windows
2011/04/23 16:18:40.0512 1220 System windows directory: C:\Windows
2011/04/23 16:18:40.0512 1220 Processor architecture: Intel x86
2011/04/23 16:18:40.0512 1220 Number of processors: 2
2011/04/23 16:18:40.0512 1220 Page size: 0x1000
2011/04/23 16:18:40.0512 1220 Boot type: Normal boot
2011/04/23 16:18:40.0512 1220 ================================================================================
2011/04/23 16:18:47.0142 1220 Initialize success
2011/04/23 16:18:49.0716 5988 ================================================================================
2011/04/23 16:18:49.0716 5988 Scan started
2011/04/23 16:18:49.0716 5988 Mode: Manual;
2011/04/23 16:18:49.0716 5988 ================================================================================
2011/04/23 16:18:50.0870 5988 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/23 16:18:50.0933 5988 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/23 16:18:51.0104 5988 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/23 16:18:51.0182 5988 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/23 16:18:51.0229 5988 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/23 16:18:51.0619 5988 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/23 16:18:51.0916 5988 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/23 16:18:52.0040 5988 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/23 16:18:52.0524 5988 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/23 16:18:52.0758 5988 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/23 16:18:52.0805 5988 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/23 16:18:52.0867 5988 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/23 16:18:52.0976 5988 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/23 16:18:53.0195 5988 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/04/23 16:18:53.0413 5988 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/23 16:18:53.0476 5988 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/23 16:18:53.0694 5988 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/23 16:18:53.0912 5988 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/23 16:18:54.0100 5988 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/23 16:18:54.0224 5988 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/23 16:18:54.0302 5988 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/23 16:18:54.0443 5988 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/23 16:18:54.0505 5988 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/23 16:18:54.0568 5988 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/23 16:18:54.0599 5988 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/23 16:18:54.0661 5988 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/23 16:18:54.0708 5988 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/23 16:18:54.0864 5988 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/23 16:18:54.0989 5988 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/23 16:18:55.0036 5988 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/23 16:18:55.0098 5988 BTHFILT (43c96c1ac278bc22e7799c23405635a0) C:\Windows\system32\DRIVERS\BthFilt.sys
2011/04/23 16:18:55.0176 5988 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/23 16:18:55.0223 5988 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/23 16:18:55.0285 5988 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/04/23 16:18:55.0394 5988 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/23 16:18:55.0457 5988 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/23 16:18:55.0519 5988 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/23 16:18:55.0644 5988 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/23 16:18:55.0862 5988 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/23 16:18:55.0956 5988 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/23 16:18:56.0050 5988 cmdGuard (8a4c864777b717ae45580c1e0de2c103) C:\Windows\system32\DRIVERS\cmdguard.sys
2011/04/23 16:18:56.0081 5988 cmdHlp (6ba0554461114a6a8c12543f6f965ccc) C:\Windows\system32\DRIVERS\cmdhlp.sys
2011/04/23 16:18:56.0128 5988 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/23 16:18:56.0206 5988 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/23 16:18:56.0252 5988 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/23 16:18:56.0268 5988 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/23 16:18:56.0362 5988 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/04/23 16:18:56.0424 5988 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/04/23 16:18:56.0596 5988 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/23 16:18:56.0767 5988 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/23 16:18:56.0845 5988 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys
2011/04/23 16:18:56.0923 5988 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/23 16:18:57.0095 5988 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/23 16:18:57.0282 5988 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/23 16:18:57.0313 5988 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/23 16:18:57.0438 5988 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/23 16:18:57.0532 5988 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/23 16:18:57.0594 5988 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/23 16:18:57.0734 5988 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/23 16:18:57.0922 5988 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/23 16:18:58.0078 5988 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/23 16:18:58.0312 5988 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/23 16:18:58.0795 5988 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/23 16:18:59.0060 5988 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/23 16:18:59.0310 5988 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/23 16:18:59.0778 5988 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/23 16:19:00.0106 5988 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/23 16:19:00.0293 5988 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/23 16:19:00.0449 5988 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/23 16:19:00.0667 5988 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/23 16:19:00.0979 5988 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/23 16:19:01.0057 5988 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/23 16:19:01.0322 5988 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/23 16:19:01.0666 5988 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/23 16:19:02.0087 5988 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/23 16:19:02.0134 5988 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/23 16:19:02.0461 5988 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
2011/04/23 16:19:02.0602 5988 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/23 16:19:03.0116 5988 igfx (38eb97b9898c56e6bdf6824a6a717312) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/23 16:19:03.0366 5988 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/23 16:19:03.0444 5988 inspect (7783fe23d056eaf8f0081ed1474640a3) C:\Windows\system32\DRIVERS\inspect.sys
2011/04/23 16:19:04.0099 5988 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/23 16:19:04.0380 5988 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/23 16:19:04.0598 5988 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/23 16:19:04.0692 5988 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/23 16:19:05.0113 5988 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/23 16:19:05.0332 5988 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/23 16:19:05.0425 5988 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/23 16:19:05.0628 5988 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/23 16:19:06.0018 5988 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/23 16:19:06.0112 5988 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/23 16:19:06.0158 5988 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/23 16:19:06.0330 5988 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/23 16:19:06.0408 5988 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/23 16:19:06.0673 5988 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/23 16:19:06.0782 5988 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/23 16:19:06.0860 5988 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/23 16:19:06.0954 5988 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/23 16:19:07.0016 5988 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/23 16:19:07.0048 5988 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/23 16:19:07.0172 5988 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
2011/04/23 16:19:07.0391 5988 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/23 16:19:07.0438 5988 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/23 16:19:07.0687 5988 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/23 16:19:07.0874 5988 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/23 16:19:07.0984 5988 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/23 16:19:08.0030 5988 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/23 16:19:08.0093 5988 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/23 16:19:08.0124 5988 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/23 16:19:08.0186 5988 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/23 16:19:08.0296 5988 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/23 16:19:08.0436 5988 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/23 16:19:08.0623 5988 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/23 16:19:08.0686 5988 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/23 16:19:08.0732 5988 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/23 16:19:08.0779 5988 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/23 16:19:08.0873 5988 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/23 16:19:09.0091 5988 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/23 16:19:09.0185 5988 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/23 16:19:09.0263 5988 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/23 16:19:09.0278 5988 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/23 16:19:09.0310 5988 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/23 16:19:09.0497 5988 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/23 16:19:09.0731 5988 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/23 16:19:09.0918 5988 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/23 16:19:09.0965 5988 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/23 16:19:10.0027 5988 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/23 16:19:10.0199 5988 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/23 16:19:10.0386 5988 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/23 16:19:10.0417 5988 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/23 16:19:10.0480 5988 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/23 16:19:10.0589 5988 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/23 16:19:10.0620 5988 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/23 16:19:10.0667 5988 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/23 16:19:11.0026 5988 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/23 16:19:11.0400 5988 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/23 16:19:11.0509 5988 NPF (b15e0180c43d8b5219196d76878cc2dd) C:\Windows\system32\drivers\npf.sys
2011/04/23 16:19:11.0665 5988 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/23 16:19:11.0774 5988 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/23 16:19:11.0884 5988 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/23 16:19:12.0102 5988 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/23 16:19:12.0196 5988 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/23 16:19:12.0274 5988 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/23 16:19:12.0414 5988 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/23 16:19:12.0476 5988 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/23 16:19:12.0601 5988 O2MDRDR (d51942f12090fc947ca8aa01736dade2) C:\Windows\system32\DRIVERS\o2media.sys
2011/04/23 16:19:12.0726 5988 O2SDRDR (97e494165ce16ea3762114ba64faf332) C:\Windows\system32\DRIVERS\o2sd.sys
2011/04/23 16:19:12.0757 5988 OEM13Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM13Vfx.sys
2011/04/23 16:19:12.0804 5988 OEM13Vid (8d9d3b1b24105796c9b9b1473dec2d70) C:\Windows\system32\DRIVERS\OEM13Vid.sys
2011/04/23 16:19:12.0929 5988 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/23 16:19:13.0085 5988 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/23 16:19:13.0132 5988 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/23 16:19:13.0194 5988 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/23 16:19:13.0256 5988 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/23 16:19:13.0303 5988 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/23 16:19:13.0428 5988 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/23 16:19:13.0506 5988 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/23 16:19:13.0615 5988 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/23 16:19:13.0678 5988 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/23 16:19:13.0771 5988 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/23 16:19:13.0849 5988 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/23 16:19:13.0912 5988 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/23 16:19:14.0083 5988 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/23 16:19:14.0161 5988 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/23 16:19:14.0348 5988 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/23 16:19:14.0598 5988 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/23 16:19:14.0692 5988 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/23 16:19:14.0832 5988 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/23 16:19:14.0957 5988 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/23 16:19:15.0066 5988 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/23 16:19:15.0238 5988 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/23 16:19:15.0300 5988 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/23 16:19:15.0394 5988 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/23 16:19:15.0487 5988 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/23 16:19:15.0706 5988 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/23 16:19:15.0768 5988 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/23 16:19:15.0830 5988 RTL8169 (cb0bd9e10e3e244d312c106dee1bbb93) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/23 16:19:15.0908 5988 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/23 16:19:15.0971 5988 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/23 16:19:16.0080 5988 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/23 16:19:16.0205 5988 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/23 16:19:16.0392 5988 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/23 16:19:16.0517 5988 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/23 16:19:16.0564 5988 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/23 16:19:16.0720 5988 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/23 16:19:16.0876 5988 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/23 16:19:16.0938 5988 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/23 16:19:16.0969 5988 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/23 16:19:17.0094 5988 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/23 16:19:17.0203 5988 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/23 16:19:17.0281 5988 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/23 16:19:17.0344 5988 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/23 16:19:17.0531 5988 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/23 16:19:17.0765 5988 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys
2011/04/23 16:19:17.0765 5988 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
2011/04/23 16:19:17.0765 5988 sptd - detected Locked file (1)
2011/04/23 16:19:17.0905 5988 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/23 16:19:18.0046 5988 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/23 16:19:18.0124 5988 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/23 16:19:18.0248 5988 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/04/23 16:19:18.0358 5988 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/04/23 16:19:18.0654 5988 ssadmdm (9afaa23421622c392b55508fa9613949) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/04/23 16:19:18.0997 5988 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/23 16:19:19.0169 5988 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/23 16:19:19.0216 5988 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/23 16:19:19.0309 5988 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/23 16:19:19.0450 5988 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/23 16:19:19.0621 5988 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/23 16:19:19.0840 5988 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/23 16:19:19.0871 5988 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/23 16:19:19.0996 5988 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/23 16:19:20.0011 5988 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/23 16:19:20.0105 5988 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/23 16:19:20.0292 5988 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/23 16:19:20.0386 5988 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/23 16:19:20.0448 5988 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/23 16:19:20.0510 5988 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/23 16:19:20.0557 5988 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/23 16:19:20.0620 5988 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/23 16:19:20.0666 5988 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/23 16:19:20.0698 5988 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/23 16:19:20.0729 5988 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/23 16:19:20.0776 5988 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/23 16:19:20.0838 5988 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/23 16:19:20.0900 5988 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/23 16:19:20.0947 5988 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/23 16:19:20.0994 5988 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/23 16:19:21.0072 5988 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/23 16:19:21.0103 5988 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/23 16:19:21.0134 5988 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/23 16:19:21.0166 5988 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/23 16:19:21.0212 5988 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/23 16:19:21.0290 5988 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/23 16:19:21.0353 5988 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/04/23 16:19:21.0431 5988 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/23 16:19:21.0478 5988 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/23 16:19:21.0556 5988 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/23 16:19:21.0587 5988 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/23 16:19:21.0634 5988 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/23 16:19:21.0649 5988 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/23 16:19:21.0727 5988 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/23 16:19:21.0805 5988 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/23 16:19:21.0852 5988 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/23 16:19:21.0914 5988 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/04/23 16:19:21.0992 5988 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/04/23 16:19:22.0055 5988 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/23 16:19:22.0102 5988 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/23 16:19:22.0117 5988 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/23 16:19:22.0180 5988 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/23 16:19:22.0226 5988 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/23 16:19:22.0320 5988 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/04/23 16:19:22.0445 5988 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/23 16:19:22.0554 5988 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/23 16:19:22.0616 5988 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/23 16:19:22.0679 5988 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/23 16:19:22.0757 5988 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/04/23 16:19:22.0819 5988 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/04/23 16:19:22.0866 5988 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/04/23 16:19:22.0944 5988 ================================================================================
2011/04/23 16:19:22.0944 5988 Scan finished
2011/04/23 16:19:22.0944 5988 ================================================================================
2011/04/23 16:19:22.0944 1216 Detected object count: 1
2011/04/23 16:19:40.0681 1216 Locked file(sptd) - User select action: Skip

Hab den Fund dann entfernen lassen. Unhide habe ich gestern schon erfolgreich ausgeführt.

Wie geht's weiter?
Vielen Dank und liebe Grüße

cosinus · 23.04.2011, 16:02

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Davidov · 23.04.2011, 16:51

Hier das combofix log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-04-22.03 - David 23.04.2011  17:27:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3062.1802 [GMT 2:00]
ausgeführt von:: c:\users\David\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\muzapp.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-23 bis 2011-04-23  ))))))))))))))))))))))))))))))
.
.
2011-04-23 15:37 . 2011-04-23 15:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-23 15:12 . 2011-04-23 15:12	--------	d-----w-	c:\program files\CCleaner
2011-04-23 13:00 . 2011-04-23 13:00	--------	d-----w-	c:\program files\Windows Portable Devices
2011-04-22 20:12 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2011-04-22 20:12 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2011-04-22 20:12 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2011-04-22 20:12 . 2009-09-25 01:33	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2011-04-22 20:12 . 2009-09-25 02:10	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2011-04-22 20:12 . 2009-09-25 02:07	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2011-04-22 20:12 . 2009-09-25 02:04	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2011-04-22 20:12 . 2009-09-25 01:33	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2011-04-22 20:12 . 2009-09-25 01:32	252928	----a-w-	c:\windows\system32\dxdiag.exe
2011-04-22 20:12 . 2009-09-25 01:31	519680	----a-w-	c:\windows\system32\d3d11.dll
2011-04-22 20:10 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-04-22 20:10 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2011-04-22 20:10 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-04-22 18:10 . 2011-04-22 18:10	--------	d-----w-	c:\users\David\AppData\Roaming\Avira
2011-04-22 18:08 . 2011-03-04 14:11	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-04-22 18:08 . 2011-03-04 12:36	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-04-22 18:08 . 2011-04-22 18:08	--------	d-----w-	c:\programdata\Avira
2011-04-22 18:08 . 2011-04-22 18:08	--------	d-----w-	c:\program files\Avira
2011-04-22 17:45 . 2011-01-20 16:08	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-04-22 17:45 . 2011-01-20 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-04-22 17:45 . 2011-01-20 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2011-04-22 17:45 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-22 17:45 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-04-22 17:45 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-04-22 17:45 . 2011-01-20 16:08	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-04-22 17:45 . 2011-01-20 16:08	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-04-22 17:45 . 2011-01-20 16:08	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-04-22 17:45 . 2011-01-20 14:28	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-04-22 17:45 . 2011-01-20 14:25	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-04-22 17:45 . 2011-01-20 14:11	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-04-22 17:43 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2011-04-22 17:37 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{67B26C51-77B2-478A-9624-D5F912E19E25}\mpengine.dll
2011-04-22 17:21 . 2011-04-22 17:21	--------	d-----w-	C:\_OTL
2011-04-21 20:06 . 2011-04-21 20:07	--------	d-----w-	c:\windows\system32\ca-ES
2011-04-21 20:06 . 2011-04-21 20:07	--------	d-----w-	c:\windows\system32\eu-ES
2011-04-21 20:06 . 2011-04-21 20:07	--------	d-----w-	c:\windows\system32\vi-VN
2011-04-21 19:36 . 2011-04-21 19:36	--------	d-----w-	c:\windows\system32\EventProviders
2011-04-21 19:21 . 2011-04-21 19:21	--------	d-----w-	c:\program files\COMODO
2011-04-21 19:20 . 2011-04-21 19:31	--------	d-----w-	c:\programdata\Comodo
2011-04-21 18:36 . 2011-04-21 18:36	--------	d-----w-	c:\users\David\AppData\Roaming\SUPERAntiSpyware.com
2011-04-21 18:36 . 2011-04-21 18:36	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-04-21 18:36 . 2011-04-21 18:36	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-04-21 18:04 . 2011-04-21 18:04	--------	d-----w-	c:\program files\7-Zip
2011-04-21 17:01 . 2011-04-21 17:01	--------	d-----w-	c:\users\David\AppData\Roaming\Malwarebytes
2011-04-21 17:01 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 17:01 . 2011-04-21 17:01	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-21 17:01 . 2011-04-21 17:01	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-21 17:01 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-13 14:37 . 2011-04-13 14:37	--------	d-----w-	c:\users\David\AppData\Roaming\IrfanView
2011-04-13 14:18 . 2007-08-21 11:32	98304	----a-w-	c:\windows\system32\redmonnt.dll
2011-04-13 14:17 . 2011-04-13 14:17	--------	d-----w-	c:\program files\BabylonToolbar
2011-04-13 14:17 . 2011-04-13 14:18	--------	d-----w-	c:\program files\FoxTabPDFConverter
2011-04-13 13:41 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-13 13:41 . 2011-02-16 16:21	430080	----a-w-	c:\windows\system32\vbscript.dll
2011-04-13 13:41 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-13 13:41 . 2011-03-03 10:49	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-11 22:19 . 2011-04-11 22:19	--------	d-----w-	c:\users\David\AppData\Roaming\MiKTeX
2011-04-11 22:05 . 2011-04-11 22:05	--------	d-----w-	c:\users\David\AppData\Local\MiKTeX
2011-04-11 22:05 . 2011-04-11 22:05	--------	d-----w-	c:\program files\JabRef
2011-04-11 22:05 . 2011-04-11 22:05	--------	d-----w-	c:\program files\Ghostgum
2011-04-11 22:04 . 2011-04-11 22:04	--------	d-----w-	c:\programdata\Aiksaurus
2011-04-11 22:01 . 2011-04-11 22:01	--------	d-----w-	c:\programdata\MiKTeX
2011-04-11 21:55 . 2011-04-11 21:58	--------	d-----w-	c:\program files\MiKTeX 2.9
2011-04-11 21:52 . 2011-04-11 22:05	--------	d-----w-	c:\program files\LyX 1.6.9
2011-04-11 20:54 . 2011-04-14 22:49	--------	d-----w-	c:\users\David\AppData\Roaming\LyX16
2011-04-11 20:53 . 2011-04-11 20:53	--------	d-----w-	c:\programdata\Aspell
2011-04-11 20:52 . 2011-04-11 21:29	--------	d-----w-	c:\program files\LyX16
2011-04-03 21:24 . 2011-04-03 21:24	--------	d-----w-	c:\program files\IrfanView
2011-04-01 22:04 . 2011-04-01 22:04	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2011-04-01 22:02 . 2011-04-01 22:02	--------	d-----w-	c:\windows\PCHEALTH
2011-04-01 22:02 . 2011-04-01 22:02	--------	d-----w-	c:\program files\Microsoft Sync Framework
2011-04-01 22:02 . 2011-04-01 22:02	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2011-04-01 21:51 . 2011-04-01 21:51	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2011-04-01 21:49 . 2011-04-01 21:49	--------	d-----w-	c:\program files\Microsoft Analysis Services
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2011-01-10 17:18	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 13:59	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-29 22:16 . 2011-01-29 22:16	30056	----a-w-	c:\windows\system32\MASetupCleaner.exe
2011-01-29 16:00 . 2011-03-18 16:42	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-01-29 16:00 . 2011-01-29 16:00	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-01-29 16:00 . 2011-01-29 16:00	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-01-29 16:00 . 2011-01-29 16:00	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-01-29 16:00 . 2011-01-29 16:00	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2011-01-29 16:00 . 2011-01-29 16:00	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	569344	----a-w-	c:\windows\system32\muzdecode.ax
2011-01-29 16:00 . 2011-01-29 16:00	491520	----a-w-	c:\windows\system32\muzapp.dll
2011-01-29 16:00 . 2011-01-29 16:00	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2011-01-29 16:00 . 2011-01-29 16:00	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2011-01-29 16:00 . 2011-01-29 16:00	40960	----a-w-	c:\windows\system32\MAMACExtract.dll
2011-01-29 16:00 . 2011-01-29 16:00	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2011-01-29 16:00 . 2011-01-29 16:00	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2011-01-29 16:00 . 2011-01-29 16:00	245760	----a-w-	c:\windows\system32\MSCLib.dll
2011-01-29 16:00 . 2011-01-29 16:00	200704	----a-w-	c:\windows\system32\muzwmts.dll
2011-01-29 16:00 . 2011-01-29 16:00	155648	----a-w-	c:\windows\system32\MSFLib.dll
2011-01-29 16:00 . 2011-01-29 16:00	143360	----a-w-	c:\windows\system32\3DAudio.ax
2011-01-29 16:00 . 2011-01-29 16:00	135168	----a-w-	c:\windows\system32\muzaf1.dll
2011-01-29 16:00 . 2011-01-29 16:00	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2011-01-29 16:00 . 2011-01-29 16:00	122880	----a-w-	c:\windows\system32\muzeffect.ax
2011-01-29 16:00 . 2011-01-29 16:00	118784	----a-w-	c:\windows\system32\MaDRM.dll
2011-01-29 16:00 . 2011-01-29 16:00	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2011-01-29 16:00 . 2011-03-18 16:41	821824	----a-w-	c:\windows\system32\dgderapi.dll
2011-01-29 16:00 . 2011-03-18 16:41	20032	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2011-01-29 16:00 . 2008-09-07 14:05	319456	----a-w-	c:\windows\system32\DIFxAPI.dll
2010-07-29 17:59 . 2010-02-08 14:20	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\tbNCH.dll" [2010-09-12 3863136]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\program files\Softonic_Deutsch_FF\tbSoft.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32	279944	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02	3863136	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]
2010-06-13 17:10	2734688	----a-w-	c:\program files\Softonic_Deutsch_FF\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2010-09-12 13:02	3863136	----a-w-	c:\program files\NCH\tbNCH.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\tbNCH.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\program files\Softonic_Deutsch_FF\tbSoft.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}"= "c:\program files\NCH\tbNCH.dll" [2010-09-12 3863136]
"{9D81AF43-DE53-48D0-A199-42C2A226B24C}"= "c:\program files\Softonic_Deutsch_FF\tbSoft.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-22 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-22 4907008]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-22 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-29 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-29 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-29 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-29 154136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"UIExec"="c:\program files\Mobile Broadband\UIExec.exe" [2010-03-26 136840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-17 2548552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54	91520	----a-w-	c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-29 20:19	133432	----a-w-	c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 03:40	218032	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-03-17 14:07	896912	----a-w-	c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-04-10 14:48	13824	----a-w-	c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-03-17 14:07	3373456	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\o2DSLConnectionManager]
2009-04-09 15:17	710200	----a-w-	c:\program files\DSL Connection Manager\o2DSLConnectionManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2010-10-13 22:06	884740	----a-w-	c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15	13351304	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24	2423752	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-17 13:23	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-08-28 08:18	3660848	----a-w-	c:\program files\Veoh Networks\Veoh\VeohClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-12-23 19:18	2642168	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca324c50fa1843;Google Update Service (gupdate1ca324c50fa1843);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-29 30192]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 9216]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [2008-03-17 339968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-06 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-06 34744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 accvssvc;AccSys WLAN Control Service;c:\program files\Common Files\AccSys\AccVSSvc.exe [2008-07-09 131072]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-22 77824]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Mobile Broadband\AssistantServices.exe [2010-03-26 251016]
S3 BTHFILT;Bluetooth-Befehlsfilter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-22 48472]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-02-22 43480]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-02-22 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-02-22 235200]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 19:24]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 19:24]
.
2011-04-22 c:\windows\Tasks\User_Feed_Synchronization-{AA2FAA4A-5E9C-49AE-9449-8982BC9E1129}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=0a22ef36000000000000001e37f24ca1&tlver=1.4.19.19&affID=17160
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\users\David\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {6047B239-DA70-42CC-82DD-EE4E40800D1C} = 156.154.70.25,156.154.71.25
TCP: {738365C5-42A0-4A66-AC41-3F91CFDDA8E0} = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ozndtzlb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=0a22ef36000000000000001e37f24ca1&tlver=1.4.19.19&affID=17160
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=0a22ef36000000000000001e37f24ca1&tlver=1.4.19.19&instlRef=sst&affID=17160&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - %profile%\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Veoh Browser Plug-in: videofinder@veoh.com - c:\program files\Veoh Networks\Veoh\Plugins\noreg\videofinder4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-3D Fish School 4 Screen Saver_is1 - c:\program files\3D Fish School 4\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(1020)
c:\windows\system32\guard32.dll
c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-23  17:47:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-23 15:47
.
Vor Suchlauf: 17 Verzeichnis(se), 18.650.537.984 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 18.137.247.744 Bytes frei
.
- - End Of File - - EE93D23AA9C12065A8B0AB56B0FDDA3A

--- --- ---

cosinus · 25.04.2011, 13:28

Zitat:

FW: COMODO Firewall

Kann ich nur von abraten. Verwende die Windows-Firewall. Sag Bescheid wenn das Teil deinstalliert ist.

Davidov · 25.04.2011, 14:32

Ok, ist soeben geschehen. Hatte gedacht, das sei zusätzlicher Schutz, aber scheinbar ist die Windows Firewall ja ausreichend.

Soll ich combofix jetzt nochmal durchlaufen lassen oder reicht das log von oben?

cosinus · 25.04.2011, 14:35

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Davidov · 25.04.2011, 15:49

1. das GMER log:

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-25 16:40:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.AD
Running: fws5psbx.exe; Driver: C:\Users\David\AppData\Local\Temp\agloapod.sys


---- Devices - GMER 1.0.15 ----

Device          \Driver\BTHUSB \Device\000000bc                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\000000be                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37f24ca1                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37f24ca1@001fcc668340         0x18 0x38 0x57 0xA2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37f24ca1@a075911ff1ab         0xAB 0x4D 0xE1 0x2E ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37f24ca1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37f24ca1@001fcc668340             0x18 0x38 0x57 0xA2 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37f24ca1@a075911ff1ab             0xAB 0x4D 0xE1 0x2E ...

---- EOF - GMER 1.0.15 ----

--- --- ---

2. das OSAM log:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:46:05 on 25.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
"AppInit_DLLs" - ? - C:\Windows\System32\guard32.dll  (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CinePlayer DVD Decoder Options" - "Sonic Solutions" - C:\Program Files\Sonic\CinePlayer Decoder Pack\cmdvdpak.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\MLCFG32.CPL
"PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"agloapod" (agloapod) - ? - C:\Users\David\AppData\Local\Temp\agloapod.sys  (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\MLSHEXT.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "NCH Toolbar" - "Conduit Ltd." - C:\Program Files\NCH\tbNCH.dll
<binary data> "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{c2db4fe6-8409-45ce-8010-189a7b5cce86} "NCH Toolbar" - "Conduit Ltd." - C:\Program Files\NCH\tbNCH.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{98889811-442D-49dd-99D7-DC866BE87DBC} "Babylon Toolbar" - "Babylon Ltd." - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Program Files\ConduitEngine\ConduitEngine.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{c2db4fe6-8409-45ce-8010-189a7b5cce86} "NCH Toolbar" - "Conduit Ltd." - C:\Program Files\NCH\tbNCH.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
{D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Browser Plug-in" - "Veoh Networks Inc" - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{2EECD738-5844-4a99-B4B6-146BF802613B} "CescrtHlpr Object" - "Babylon BHO" - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Program Files\ConduitEngine\ConduitEngine.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{c2db4fe6-8409-45ce-8010-189a7b5cce86} "NCH Toolbar" - "Conduit Ltd." - C:\Program Files\NCH\tbNCH.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DELL Webcam Manager" - "Creative Technology Ltd." - "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
"dscactivate" - " " - "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
"ECenter" - " " - C:\Dell\E-Center\EULALauncher.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UIExec" - ? - "C:\Program Files\Mobile Broadband\UIExec.exe"  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AccSys WLAN Control Service" (accvssvc) - "AccSys GmbH" - C:\Program Files\Common Files\AccSys\AccVSSvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Feature Support" (BthFilterHelper) - "CSR, plc" - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca324c50fa1843)" (gupdate1ca324c50fa1843) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"soft Xpansion Print2Document" (WPEServ) - "soft Xpansion" - C:\Program Files\Common Files\WPE\wpeserv.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\Mobile Broadband\AssistantServices.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Google Inc." - C:\Windows\system32\GPhotos.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

3. das MBRcheck-Ergebnis:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro1510
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):
0x82437000 \SystemRoot\system32\ntkrnlpa.exe
0x82404000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047E000 \SystemRoot\system32\PSHED.dll
0x8048F000 \SystemRoot\system32\BOOTVID.dll
0x80497000 \SystemRoot\system32\CLFS.SYS
0x804D8000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\system32\drivers\acpi.sys
0x806D4000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DD000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E5000 \SystemRoot\system32\drivers\pci.sys
0x8070C000 \SystemRoot\System32\drivers\partmgr.sys
0x8071B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80728000 \SystemRoot\system32\drivers\volmgr.sys
0x80737000 \SystemRoot\System32\drivers\volmgrx.sys
0x80781000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80788000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80796000 \SystemRoot\system32\drivers\pciide.sys
0x8079D000 \SystemRoot\System32\drivers\mountmgr.sys
0x82A0A000 \SystemRoot\system32\drivers\iastor.sys
0x82AD1000 \SystemRoot\system32\drivers\atapi.sys
0x82AD9000 \SystemRoot\system32\drivers\ataport.SYS
0x82AF7000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B29000 \SystemRoot\system32\drivers\fileinfo.sys
0x82B39000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82B43000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A601000 \SystemRoot\system32\drivers\ndis.sys
0x8A70C000 \SystemRoot\system32\drivers\msrpc.sys
0x8A737000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A803000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA0F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB1F000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB58000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB60000 \SystemRoot\System32\Drivers\mup.sys
0x8AB6F000 \SystemRoot\System32\drivers\ecache.sys
0x8AB96000 \SystemRoot\system32\drivers\disk.sys
0x8ABA7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABC8000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABDE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ABE9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8ABF2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8EE06000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F4FD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F59D000 \SystemRoot\System32\drivers\watchdog.sys
0x8F5A9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F5B4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A9CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A772000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E804000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8EA2D000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8EA4B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8EA5B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8EA69000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x8EA73000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8EA99000 \SystemRoot\system32\DRIVERS\o2media.sys
0x8EAA4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8EAA8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EABB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EAC6000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8EAF2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EAFD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EB15000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8EB33000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EB62000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EBA3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EBAE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EBC5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EBD0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A9DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82BB4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x82BC8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A9ED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EBF3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807AD000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EBF5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F5F2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x805B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x82BDD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FA00000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FC01000 \SystemRoot\system32\drivers\portcls.sys
0x8FC2E000 \SystemRoot\system32\drivers\drmk.sys
0x8FC53000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FC5C000 \SystemRoot\System32\Drivers\Null.SYS
0x8FC63000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FC6A000 \SystemRoot\System32\drivers\vga.sys
0x8FC76000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FC97000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FC9F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FCA7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FCB2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FCC0000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FCC9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FCDF000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FCF3000 \SystemRoot\system32\drivers\afd.sys
0x8FD3B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FD6D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FD83000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FD91000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FDA4000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FDAA000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8FDCC000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x90202000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9023E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90248000 \SystemRoot\System32\Drivers\dfsc.sys
0x9025F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90285000 \SystemRoot\system32\DRIVERS\BthFilt.sys
0x9028D000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9029A000 \SystemRoot\System32\Drivers\bthport.sys
0x9031A000 \SystemRoot\System32\Drivers\USBD.SYS
0x9031C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90333000 \SystemRoot\system32\DRIVERS\OEM13Vid.sys
0x9036D000 \SystemRoot\system32\DRIVERS\OEM13Vfx.sys
0x9036F000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x90398000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x903A2000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x903BC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A908000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9A8A0000 \SystemRoot\System32\win32k.sys
0x903C9000 \SystemRoot\System32\drivers\Dxapi.sys
0x903D3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9AAC0000 \SystemRoot\System32\TSDDD.dll
0x9AAE0000 \SystemRoot\System32\cdd.dll
0x903E2000 \SystemRoot\system32\drivers\luafv.sys
0x8FDD2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xACA09000 \SystemRoot\system32\drivers\spsys.sys
0xACAB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xACAC9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xACAF3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xACAFD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xACB10000 \SystemRoot\system32\drivers\HTTP.sys
0xACB7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xACB9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0xACBB3000 \SystemRoot\System32\drivers\mpsdrv.sys
0xACBC8000 \SystemRoot\system32\drivers\mrxdav.sys
0x807D7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF00C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAF045000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAF05D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAF085000 \SystemRoot\System32\DRIVERS\srv.sys
0xAF0EC000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xAF17C000 \SystemRoot\System32\Drivers\fastfat.SYS
0xB040B000 \SystemRoot\system32\drivers\peauth.sys
0xB04E9000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB04F3000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB04FF000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB0515000 \??\C:\Users\David\AppData\Local\Temp\agloapod.sys
0x77C20000 \Windows\System32\ntdll.dll

Processes (total 80):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
612 csrss.exe
656 C:\Windows\System32\wininit.exe
668 csrss.exe
700 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
720 C:\Windows\System32\lsm.exe
832 C:\Windows\System32\winlogon.exe
912 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1304 C:\Windows\System32\SLsvc.exe
1340 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\wlanext.exe
1704 C:\Windows\System32\spoolsv.exe
1760 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1772 C:\Windows\System32\svchost.exe
1992 C:\Program Files\Common Files\AccSys\accvssvc.exe
2008 C:\Windows\System32\AERTSrv.exe
2040 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
224 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
308 C:\Program Files\Bonjour\mDNSResponder.exe
328 C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
348 C:\Windows\System32\svchost.exe
568 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
588 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
12 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
372 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2076 C:\Windows\System32\svchost.exe
2088 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2136 C:\Windows\System32\svchost.exe
2264 C:\Program Files\Mobile Broadband\AssistantServices.exe
2304 C:\Windows\System32\svchost.exe
2324 C:\Windows\System32\SearchIndexer.exe
2752 C:\Windows\System32\taskeng.exe
2760 C:\Windows\System32\dwm.exe
2824 C:\Windows\explorer.exe
2852 C:\Windows\System32\taskeng.exe
3472 C:\Program Files\DellTPad\Apoint.exe
3512 C:\Windows\RtHDVCpl.exe
3528 C:\Windows\OEM13Mon.exe
3536 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
3544 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3576 C:\Windows\System32\igfxtray.exe
3664 C:\Windows\System32\hkcmd.exe
3704 C:\Windows\System32\igfxpers.exe
3712 C:\Windows\System32\igfxsrvc.exe
3788 C:\Program Files\Mobile Broadband\UIExec.exe
3828 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3852 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3872 C:\Windows\ehome\ehtray.exe
3912 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3956 C:\Windows\ehome\ehmsas.exe
4080 C:\Program Files\DellTPad\ApMsgFwd.exe
2244 C:\Program Files\DellTPad\ApntEx.exe
2460 C:\Program Files\DellTPad\hidfind.exe
2624 C:\Program Files\Windows Media Player\wmpnscfg.exe
1256 C:\Program Files\Windows Media Player\wmpnetwk.exe
2704 C:\Windows\System32\svchost.exe
3032 C:\Windows\System32\wuauclt.exe
3184 C:\Program Files\Google\Chrome\Application\chrome.exe
896 C:\Program Files\Google\Chrome\Application\chrome.exe
1620 C:\Program Files\Google\Chrome\Application\chrome.exe
4092 C:\Program Files\Google\Chrome\Application\chrome.exe
2204 C:\Program Files\Google\Chrome\Application\chrome.exe
1348 C:\Program Files\Google\Chrome\Application\chrome.exe
3748 C:\Windows\System32\SearchProtocolHost.exe
1572 C:\Windows\System32\SearchFilterHost.exe
2052 C:\Program Files\Google\Chrome\Application\chrome.exe
652 dllhost.exe
4056 dllhost.exe
3568 C:\Users\David\Desktop\MBRCheck.exe
2228 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`85f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`05f00000 (NTFS)

PhysicalDrive0 Model Number: ST9160827AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

cosinus · 25.04.2011, 15:50

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

25.04.2011, 15:50	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Kazy.mekml.1 - eigene Behebung über Malwarebytes ausreichend? Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

TR/Kazy.mekml.1 - eigene Behebung über Malwarebytes ausreichend?

Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1 - eigene Behebung über Malwarebytes ausreichend?