
Log analysis and evaluation: BKA-Ukash-virus

30.04.2011, 11:41   #31
Pondiki

BKA-Ukash-virus

Forget the two previous posts... here is the log from cofi:

Combofix Logfile:
Code:
ComboFix 11-04-29.03 - Kendra 30.04.2011  12:33:59.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3326.2249 [GMT 2:00]
ausgeführt von:: c:\users\Kendra\Downloads\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kendra\FiestaOnline-Dawn-Of-The-Spirits-DE.exe
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-28 bis 2011-04-30  ))))))))))))))))))))))))))))))
.
.
2011-04-30 10:38 . 2011-04-30 10:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-30 07:57 . 2011-04-30 07:57	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-04-29 23:39 . 2011-02-18 05:33	31232	----a-w-	c:\windows\system32\prevhost.exe
2011-04-29 23:39 . 2011-03-11 05:44	146304	----a-w-	c:\windows\system32\drivers\storport.sys
2011-04-29 23:39 . 2011-03-11 05:44	143744	----a-w-	c:\windows\system32\drivers\nvstor.sys
2011-04-29 23:39 . 2011-03-11 05:44	1210240	----a-w-	c:\windows\system32\drivers\ntfs.sys
2011-04-29 23:39 . 2011-03-11 05:44	117120	----a-w-	c:\windows\system32\drivers\nvraid.sys
2011-04-29 23:39 . 2011-03-11 05:43	332160	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2011-04-29 23:39 . 2011-03-11 05:39	1686016	----a-w-	c:\windows\system32\esent.dll
2011-04-29 23:39 . 2011-03-11 05:37	74240	----a-w-	c:\windows\system32\fsutil.exe
2011-04-29 23:39 . 2011-03-12 11:31	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-29 23:39 . 2011-02-26 05:33	2614784	----a-w-	c:\windows\explorer.exe
2011-04-29 23:38 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{43E8EBB2-603E-4729-8D10-CAF9BA42C263}\mpengine.dll
2011-04-29 10:42 . 2011-04-29 10:42	--------	d-----w-	c:\users\Kendra\AppData\Roaming\Malwarebytes
2011-04-29 10:41 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 10:41 . 2011-04-29 10:41	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-29 10:41 . 2011-04-29 10:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-29 10:41 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-27 13:50 . 2011-03-06 22:12	2234368	----a-r-	C:\OTLPE.exe
2011-04-27 13:50 . 2011-04-27 13:50	--------	d-----w-	C:\_OTL
2011-04-16 07:30 . 2011-04-16 07:32	--------	d-----w-	c:\program files\ICQ7.4
2011-04-15 14:51 . 2011-03-03 03:31	2331136	----a-w-	c:\windows\system32\win32k.sys
2011-04-15 14:50 . 2011-02-12 05:30	191488	----a-w-	c:\windows\system32\FXSCOVER.exe
2011-04-15 14:50 . 2011-02-24 05:32	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-15 14:50 . 2011-03-08 05:38	740864	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-15 14:50 . 2011-03-11 05:40	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-15 14:50 . 2011-03-11 05:40	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-04-15 14:50 . 2011-02-23 05:05	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 14:50 . 2011-02-23 05:05	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 14:50 . 2011-02-23 05:05	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 14:50 . 2011-02-23 05:05	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-08 21:46 . 2011-04-29 03:42	--------	d-----w-	c:\program files\ConduitEngine
2011-04-08 21:46 . 2011-04-29 03:42	--------	d-----w-	c:\program files\DVDVideoSoftTB
2011-04-08 21:46 . 2011-04-08 21:46	--------	d-----w-	c:\users\Kendra\AppData\Local\Conduit
2011-04-08 20:54 . 2011-04-08 21:04	--------	d-----w-	c:\programdata\Norton
2011-04-08 20:54 . 2011-04-08 20:54	--------	d-----w-	c:\programdata\Symantec
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 12:36 . 2010-10-13 18:13	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-10 16:52	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-10 16:52	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-10 16:52	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 18:41	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 16:11 . 2010-01-26 14:37	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 09:50	2517088	----a-w-	c:\program files\ZoneAlarm-Sicherheit\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-28 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-06-15 738808]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SMSTray"="d:\samsung\EmoDio\SMSTray.exe" [2009-03-21 484888]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-03-06 252704]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-10-13 0]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-20 136176]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-29 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 493048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-20 18:22]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-20 18:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Free YouTube to Mp3 Converter - c:\users\Kendra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\c5ytg5he.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
Toolbar-Locked - (no file)
Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2011-04-30  12:39:08
ComboFix-quarantined-files.txt  2011-04-30 10:39
.
Vor Suchlauf: 8 Verzeichnis(se), 864.073.887.744 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 863.976.267.776 Bytes frei
.
- - End Of File - - 133D4B65F71BB1450FA2A661FEEA4BA0
         
--- --- ---

01.05.2011, 13:31   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

BKA-Ukash-virus

Please uninstall ZoneAlarm. That thing is pointless and counterproductive. Use the Windows Firewall. Let me know once it is gone.

01.05.2011, 14:21   #33
Pondiki

BKA-Ukash-virus

I have uninstalled ZoneAlarm; after restarting the PC I can no longer get on the internet.
Firefox reports "server not found" and Internet Explorer doesn't work either.

01.05.2011, 14:57   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

BKA-Ukash-virus

Check => http://www.trojaner-board.de/94344-p...n-pruefen.html

Please always post logfiles in CODE tags

01.05.2011, 18:09   #35
Pondiki

BKA-Ukash-virus

I looked at the guide, but everything was already set the way I was supposed to change it. I then downloaded load.exe, copied it to a USB stick and put it on my machine, and wanted to work through that as well, but load.exe won't open at all because I have no internet connection at all...

Then I closed everything again, and a file named "scan" appeared on the desktop, but I don't know where it came from.....

I have attached it....

02.05.2011, 09:35   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

BKA-Ukash-virus

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread
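
To triage the OTL.txt that this scan produces, here is an added Python example (my own code, not part of the thread and not an OldTimer tool) that parses the O2/O3/O4 lines in OTL's report format and flags orphaned entries, entries with no publisher, and autostarts pointing into user-writable folders, which is what the `%APPDATA%\*.exe /s` line of the scan script is hunting for. The sample lines are constructed to match the shape of the log posted in this thread; the `updater` entry is hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL's report format: a few O2/O3/O4 lines of the
# same shape as the log posted in this thread, plus one hypothetical
# "updater" entry to show an autostart pointing into AppData.
SAMPLE_OTL = r"""O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [updater] C:\Users\Kendra\AppData\Roaming\updater\updater.exe ()
O4 - Startup: C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()"""

# The three OTL line shapes handled here: registry Run keys, Startup-folder
# items, and BHO/Toolbar COM entries (name, CLSID, then file or error text).
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*?) \((?P<company>[^()]*)\)\s*$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<path>.*?) \((?P<company>[^()]*)\)\s*$")
COM_RE = re.compile(
    r"^O(?P<kind>[23]) - (?P<where>.+?): \((?P<name>[^)]*)\) - "
    r"\{(?P<clsid>[^}]+)\} - (?P<rest>.+?)\s*$")
PATH_CO_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")

# OTL prints these instead of a path when the registered file is gone.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# Locations writable without admin rights; an autostart pointing here
# deserves a second look (legitimate software usually lives in Program Files).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    line_no: int
    kind: str      # "O2", "O3" or "O4"
    name: str
    target: str    # file path, or OTL's error text for orphaned entries
    reasons: tuple


def _check(path: str, company: str, in_startup_folder: bool) -> list:
    """Reasons an entry with this path and company string is worth a look."""
    reasons = []
    if not company.strip():
        reasons.append("no publisher")
    # Startup-folder items sit under AppData by definition, so the location
    # test says nothing about them; only the publisher test applies.
    if not in_startup_folder and any(m in path.lower() for m in USER_WRITABLE):
        reasons.append("user-writable location")
    return reasons


def parse_otl_line(line_no: int, line: str):
    """Return a Finding for one suspicious O2/O3/O4 line, or None."""
    m = RUN_RE.match(line)
    if m:
        reasons = _check(m["path"], m["company"], False)
        return Finding(line_no, "O4", m["name"], m["path"], tuple(reasons)) if reasons else None
    m = STARTUP_RE.match(line)
    if m:
        reasons = _check(m["path"], m["company"], True)
        name = m["path"].rsplit("\\", 1)[-1]
        return Finding(line_no, "O4", name, m["path"], tuple(reasons)) if reasons else None
    m = COM_RE.match(line)
    if m:
        rest = m["rest"]
        if any(marker in rest for marker in ORPHAN_MARKERS):
            return Finding(line_no, "O" + m["kind"], m["name"], rest.strip(), ("orphaned entry",))
        pc = PATH_CO_RE.match(rest)
        if pc:
            reasons = _check(pc["path"], pc["company"], False)
            if reasons:
                return Finding(line_no, "O" + m["kind"], m["name"], pc["path"], tuple(reasons))
    return None


def triage(report: str) -> list:
    """Walk a whole OTL report and collect the entries worth reviewing."""
    findings = []
    for n, line in enumerate(report.splitlines(), 1):
        f = parse_otl_line(n, line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"line {f.line_no} {f.kind} {f.name!r}: {', '.join(f.reasons)} -> {f.target}")
```

A flagged entry is a starting point for review, not a verdict: the DivXUpdate and Startup items in the sample are benign, which is exactly why the helper asks for the log rather than an automated fix.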

02.05.2011, 19:52   #37
Pondiki

BKA-Ukash-virus

So here is the log: OTL Logfile:
Code:
OTL logfile created on: 02.05.2011 20:45:28 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = F:\
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 805,88 Gb Free Space | 88,52% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 1,94 Gb Free Space | 9,69% Space Free | Partition Type: NTFS
Drive F: | 7,52 Gb Total Space | 7,51 Gb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: KENDRA-PC | User Name: Kendra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LComMgr\LVComSX.exe (Labtec Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Labtec Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Labtec Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Medion | MSN [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.18 20:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.18 20:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.29 21:06:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 21:06:29 | 000,000,000 | ---D | M]
 
[2010.10.13 19:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kendra\AppData\Roaming\mozilla\Extensions
[2011.04.16 09:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\66zard9t.default\extensions
[2011.04.16 09:31:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\66zard9t.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.16 17:11:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\66zard9t.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.16 17:00:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\66zard9t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.01 14:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions
[2011.04.16 09:31:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.20 12:21:48 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.11.20 12:21:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.28 23:11:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.04.08 23:46:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\engine@conduit.com
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\66zard9t.default\searchplugins\icqplugin.xml
[2010.10.30 17:20:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.30 17:20:48 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.29 21:06:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.29 21:06:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.29 21:06:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.29 21:06:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.29 21:06:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.30 12:38:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Labtec\WebCam10\WebCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Labtec Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMSTray] D:\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kendra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - i420vfw.dll File not found
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - yv12vfw.dll File not found

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.01 15:00:31 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\ElevatedDiagnostics
[2011.05.01 14:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2011.04.30 12:39:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.30 12:33:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.30 12:33:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.30 12:33:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.30 12:33:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.30 12:32:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.30 10:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.30 10:04:40 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.30 10:01:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.29 22:49:57 | 000,000,000 | ---D | C] -- C:\Users\Kendra\Nebenprogramme\Desktop\Trojanerboard
[2011.04.29 12:42:11 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\Malwarebytes
[2011.04.29 12:41:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.29 12:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.29 12:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.29 12:41:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.29 12:41:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.27 15:50:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.16 09:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.04.16 09:30:45 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4
[2011.04.08 23:46:38 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine
[2011.04.08 23:46:36 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2011.04.08 23:46:36 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Conduit
[2011.04.08 22:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.04.08 22:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011.04.08 22:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[1 C:\Users\Kendra\Nebenprogramme\Desktop\*.tmp files -> C:\Users\Kendra\Nebenprogramme\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.02 20:39:28 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.02 20:39:28 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.02 20:39:28 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.02 20:39:28 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.02 20:27:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.02 19:51:43 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 19:51:42 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 19:44:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.02 19:44:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.02 19:44:16 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.01 14:41:52 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.05.01 12:11:32 | 000,000,725 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.04.30 12:38:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.16 14:14:45 | 000,001,282 | ---- | M] () -- C:\Users\Kendra\Nebenprogramme\Desktop\Fiesta Online(EU_German).lnk
[2011.04.16 09:31:48 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.04.16 09:27:31 | 000,464,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Kendra\Nebenprogramme\Desktop\*.tmp files -> C:\Users\Kendra\Nebenprogramme\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.01 14:41:51 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.04.30 12:33:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.30 12:33:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.30 12:33:14 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.30 12:33:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.30 12:33:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.16 14:14:45 | 000,001,282 | ---- | C] () -- C:\Users\Kendra\Nebenprogramme\Desktop\Fiesta Online(EU_German).lnk
[2011.04.16 09:31:48 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.01.05 23:12:13 | 000,027,136 | ---- | C] () -- C:\Windows\System32\qtuninst.dll
[2010.11.21 22:02:22 | 000,000,298 | ---- | C] () -- C:\Users\Kendra\AppData\Roaming\wklnhst.dat
[2010.11.10 20:23:01 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.10.30 17:31:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.15 15:24:27 | 000,552,960 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.10.15 15:24:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.10.15 15:24:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2010.04.29 10:23:33 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.04.29 10:23:32 | 000,202,234 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.02.04 12:45:35 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.02.04 12:16:49 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010.01.26 17:35:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.01.26 17:04:43 | 000,000,017 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2010.01.26 16:48:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,464,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 20:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 23:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.07.03 14:12:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008.07.03 14:12:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008.07.03 14:12:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008.07.03 14:12:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2007.03.06 17:50:30 | 001,669,664 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2005.01.19 09:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== LOP Check ==========
 
[2010.10.18 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\ALDI_SUED_Mah_Jong
[2010.10.13 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\CheckPoint
[2010.12.14 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\DataCast
[2011.04.08 23:45:52 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.25 19:00:17 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\FreeVideoConverter
[2011.05.01 15:20:12 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\ICQ
[2010.10.13 19:07:13 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\MAGIX
[2010.11.21 22:02:25 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Template
[2011.04.30 10:07:34 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\TS3Client
[2011.04.04 06:39:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.13 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Adobe
[2010.10.18 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\ALDI_SUED_Mah_Jong
[2010.10.13 17:46:28 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\ATI
[2010.10.13 21:45:55 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Avira
[2010.10.13 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\CheckPoint
[2010.11.10 20:23:01 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Corel
[2010.12.14 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\DataCast
[2010.10.18 12:55:57 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\DivX
[2011.04.08 23:45:52 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.25 19:00:17 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\FreeVideoConverter
[2011.05.01 15:20:12 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\ICQ
[2010.10.13 17:45:31 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Identities
[2010.10.13 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Macromedia
[2010.10.13 19:07:13 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\MAGIX
[2011.04.29 12:42:11 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Media Center Programs
[2011.05.01 15:08:41 | 000,000,000 | --SD | M] -- C:\Users\Kendra\AppData\Roaming\Microsoft
[2010.10.13 19:31:38 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Mozilla
[2011.04.30 10:07:33 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Skype
[2011.03.11 21:03:13 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\skypePM
[2010.11.21 22:02:25 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Template
[2011.04.30 10:07:34 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\TS3Client
[2010.11.29 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\U3
 
< %APPDATA%\*.exe /s >
[2010.08.13 09:13:32 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\c5ytg5he.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Kendra\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Kendra\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.04.07 04:13:10 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
 
<           >

< End of report >
         
--- --- ---
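What the helper reads off the MD5 section above is a consistency check: each critical system file (userinit.exe, winlogon.exe, wininit.exe, ...) is listed several times, as the live copy in System32 or drivers, as one or more copies in the winsxs component store (the directory name carries the version, e.g. 6.1.7600.16447), and as a backup in the C:\Windows\ERDNT\cache directory. The live copy's hash and size should equal those of a store copy of the same file. The Python below is an added example, not code from the original post and not part of OTL, that automates that comparison over an excerpt of the log above; the USERINIT.EXE and WINLOGON.EXE blocks in the sample are copied verbatim, while the EXPLORER.EXE block is constructed with placeholder hashes to show how a mismatch is reported.

```python
import re
from collections import defaultdict

# Excerpt of the OTL "< MD5 for: ... >" listing posted above. The USERINIT.EXE and
# WINLOGON.EXE blocks are copied verbatim from that log. The EXPLORER.EXE block is
# CONSTRUCTED for this example (placeholder hashes and store directory name) to show
# how a live system file that matches no component-store copy shows up in the check.
OTL_EXCERPT = r"""
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: EXPLORER.EXE  >
[2011.05.01 02:00:00 | 002,616,320 | ---- | M] () MD5=00000000000000000000000000000001 -- C:\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_0000000000000000\explorer.exe
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S{4} \| \w\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Group OTL MD5 entries by file name: {'winlogon.exe': [entry, ...], ...}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group("name").lower()
            continue
        match = ENTRY.match(line)
        if match and current:
            entry = match.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
    return dict(sections)


def copy_kind(path):
    """Classify a listed copy: component store (winsxs), backup (ERDNT cache) or live."""
    lowered = path.lower()
    if "\\winsxs\\" in lowered:
        return "store"
    if "\\erdnt\\" in lowered:
        return "backup"
    return "live"


def check_live_copies(sections):
    """For each live copy require that (MD5, size) equals some winsxs copy of the same
    file, and that a company name was present. Returns [(path, ok, reasons), ...]."""
    findings = []
    for entries in sections.values():
        store = {(e["md5"], e["size"]) for e in entries if copy_kind(e["path"]) == "store"}
        for e in entries:
            if copy_kind(e["path"]) != "live":
                continue
            reasons = []
            if not store:
                reasons.append("no winsxs copy listed to compare against")
            elif (e["md5"], e["size"]) not in store:
                reasons.append("MD5/size matches no winsxs copy")
            if not e["vendor"]:
                reasons.append("no company name in version resource")
            findings.append((e["path"], not reasons, reasons))
    return findings


if __name__ == "__main__":
    for path, ok, reasons in check_live_copies(parse_md5_sections(OTL_EXCERPT)):
        print(("OK      " if ok else "SUSPECT ") + path + ("" if ok else "  <- " + "; ".join(reasons)))
```

Caveat for anyone using this on their own logs: a match only shows that the live file agrees with the component store. Code running as SYSTEM can replace both, and a kernel-mode rootkit can feed any user-mode hashing tool false data, so this check complements rather than replaces a rootkit scan such as the GMER run requested later in the thread.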

Alt 02.05.2011, 20:30   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup performed by OSAM.
With OSAM, also make sure you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of the .txt document for me
__________________
Please always post logfiles in CODE tags

Alt 03.05.2011, 09:04   #39
Pondiki
 
Here is the GMER log:

GMER Logfile:
Code:
GMER 1.0.15.15572 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-03 09:10:38
Windows 6.1.7600  Harddisk0\DR0 -> \Device\00000055 ST310005 rev.CC44
Running: f8cqnvsl.exe; Driver: C:\Users\Kendra\AppData\Local\Temp\uwriipob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD           83250589 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2    83275092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x9242F000, 0x2F786C, 0xE8000020]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90       9DCC6000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3       9DCC6123 629 Bytes  [15, CC, 9D, FE, 05, 34, 15, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329       9DCC6399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F       9DCC63FF 136 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5418       9DCC6488 11 Bytes  [89, 15, 3C, 15, CC, 9D, E9, ...] {MOV [0x9dcc153c], EDX; JMP 0x240bb}
PAGE            ...                                       

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---




I downloaded OSAM, but I can't get the file unpacked the way the instructions say...


(PS: whenever I boot my PC, 6 or 7 windows always open asking whether I want to establish a connection to the Internet; I'm then supposed to enter a username and password, but that doesn't work either.... so I still can't get onto the Internet)

Alt 03.05.2011, 10:47   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unpack OSAM with WinRAR or 7-Zip!

Alt 03.05.2011, 18:57   #41
Pondiki
 
The OSAM scan doesn't work; after clicking "Next" the second time it hangs because it has no Internet connection.....


"connecting to oms Base" and after that it says "failed"

Alt 04.05.2011, 10:38   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
"connecting to oms Base" and after that it says "failed"
Please read my instructions properly! You are not supposed to do a lookup against the OSAM DB!

Alt 04.05.2011, 11:19   #43
Pondiki
 
So, now I've got it too... sorry, I'm a bit out of it... here's the log:


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:16:45 on 04.05.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\Windows\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\Windows\system32\drivers\BVRPMPR5.SYS
"catchme" (catchme) - ? - C:\Users\Kendra\AppData\Local\Temp\catchme.sys  (File not found)
"esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ZoneAlarm Security Engine" - ? - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll  (File not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll  (File not found)
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
{C345E174-3E87-4F41-A01C-B066A90A49B4} "WRC Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\wrc32.ocx / hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
{4A85DBE0-BFB2-4119-8401-186A7C6EB653} "{4A85DBE0-BFB2-4119-8401-186A7C6EB653}" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MJSS.ocx / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - ? - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll  (File not found)
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} "ZoneAlarm Security Engine" - ? - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"CurseClientStartup.ccip" - ? - C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
"desktop.ini" - ? - C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"LogitechCommunicationsManager" - "Labtec Inc," - "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon" - "Labtec Inc." - "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
"LVCOMSX" - "Labtec Inc." - "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SMSTray" - "SAMSUNG ELECTRONICS" - D:\Samsung\EmoDio\SMSTray.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"LVSrvLauncher" (LVSrvLauncher) - "Labtec Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Here is the MBR:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MEDIONPC
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDIONPC
System Product Name: MS-7646
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 187):
0x83202000 \SystemRoot\system32\ntkrnlpa.exe
0x83612000 \SystemRoot\system32\halmacpi.dll
0x80B9F000 \SystemRoot\system32\kdcom.dll
0x8BC2D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8BC38000 \SystemRoot\system32\PSHED.dll
0x8BC49000 \SystemRoot\system32\BOOTVID.dll
0x8BC51000 \SystemRoot\system32\CLFS.SYS
0x8BC93000 \SystemRoot\system32\CI.dll
0x8BD3E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BDAF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BE02000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BE4A000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BE53000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BE5B000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BE85000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BE90000 \SystemRoot\System32\drivers\partmgr.sys
0x8BEA1000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BEB1000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BEFC000 \SystemRoot\system32\DRIVERS\amdide.sys
0x8BF03000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BF11000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BF27000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BF30000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BF53000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x8BF64000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BFAB000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8BFB4000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BFE8000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C03B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C16A000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C195000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C21F000 \SystemRoot\System32\Drivers\cng.sys
0x8C27C000 \SystemRoot\System32\drivers\pcw.sys
0x8C28A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C293000 \SystemRoot\system32\drivers\ndis.sys
0x8C34A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C388000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C408000 \SystemRoot\System32\drivers\tcpip.sys
0x8C551000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C582000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C5C1000 \SystemRoot\System32\Drivers\spldr.sys
0x8C5C9000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C3AD000 \SystemRoot\System32\Drivers\mup.sys
0x8C5F6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C3BD000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C3EF000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C1A8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C400000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8C000000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C217000 \SystemRoot\System32\Drivers\Null.SYS
0x8C01F000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C026000 \SystemRoot\System32\drivers\vga.sys
0x8BDBD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C1EF000 \SystemRoot\System32\drivers\watchdog.sys
0x8C032000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BDDE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BDE6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BDEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BC00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BC0E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91015000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91020000 \SystemRoot\system32\drivers\afd.sys
0x9107A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x910AC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x910B3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x910D2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x910E3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x910F1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91104000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91114000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9111A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9115B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91165000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9116F000 \SystemRoot\System32\drivers\discache.sys
0x9117B000 \SystemRoot\System32\Drivers\dfsc.sys
0x91193000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x911A1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x911C7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x911E8000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x91638000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x9241D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x91664000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92999000 \SystemRoot\System32\drivers\dxgmms1.sys
0x929D2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9171B000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x91757000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x929F1000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x91783000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x92400000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x92406000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x917CE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x917E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x917F3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91600000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91612000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9162A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92A2B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92A4D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92A65000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92A7C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92A93000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92AA0000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92AA2000 \SystemRoot\system32\DRIVERS\ks.sys
0x92AD6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92AE4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92B28000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92B46000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x92B64000 \SystemRoot\system32\drivers\portcls.sys
0x92B93000 \SystemRoot\system32\drivers\drmk.sys
0x99405000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9C230000 \SystemRoot\System32\win32k.sys
0x996F1000 \SystemRoot\System32\drivers\Dxapi.sys
0x996FB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x99708000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x99712000 \SystemRoot\System32\Drivers\dump_amdsata.sys
0x99723000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x99734000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x9974B000 \SystemRoot\system32\drivers\USBD.SYS
0x9974D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99758000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x99763000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x99776000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x81E2D000 \SystemRoot\system32\DRIVERS\RTL8192su.sys
0x81ED2000 \SystemRoot\System32\drivers\vwifibus.sys
0x81EDC000

Alt 04.05.2011, 13:33   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Ukash-virus - Standard

BKA-Ukash-virus



The log from mbrcheck is incomplete
__________________
Please always post logfiles in CODE tags

Alt 04.05.2011, 14:59   #45
Pondiki
 
BKA-Ukash-virus - Standard

BKA-Ukash-virus



oh... sorry....

but it really did create the file like that... I've run a new check again:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MEDIONPC
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDIONPC
System Product Name: MS-7646
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 187):
0x83202000 \SystemRoot\system32\ntkrnlpa.exe
0x83612000 \SystemRoot\system32\halmacpi.dll
0x80B9F000 \SystemRoot\system32\kdcom.dll
0x8BC2D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8BC38000 \SystemRoot\system32\PSHED.dll
0x8BC49000 \SystemRoot\system32\BOOTVID.dll
0x8BC51000 \SystemRoot\system32\CLFS.SYS
0x8BC93000 \SystemRoot\system32\CI.dll
0x8BD3E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BDAF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BE02000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BE4A000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BE53000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BE5B000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BE85000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BE90000 \SystemRoot\System32\drivers\partmgr.sys
0x8BEA1000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BEB1000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BEFC000 \SystemRoot\system32\DRIVERS\amdide.sys
0x8BF03000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BF11000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BF27000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BF30000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BF53000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x8BF64000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BFAB000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8BFB4000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BFE8000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C03B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C16A000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C195000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C21F000 \SystemRoot\System32\Drivers\cng.sys
0x8C27C000 \SystemRoot\System32\drivers\pcw.sys
0x8C28A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C293000 \SystemRoot\system32\drivers\ndis.sys
0x8C34A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C388000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C408000 \SystemRoot\System32\drivers\tcpip.sys
0x8C551000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C582000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C5C1000 \SystemRoot\System32\Drivers\spldr.sys
0x8C5C9000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C3AD000 \SystemRoot\System32\Drivers\mup.sys
0x8C5F6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C3BD000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C3EF000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C1A8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C400000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8C000000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C217000 \SystemRoot\System32\Drivers\Null.SYS
0x8C01F000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C026000 \SystemRoot\System32\drivers\vga.sys
0x8BDBD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C1EF000 \SystemRoot\System32\drivers\watchdog.sys
0x8C032000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BDDE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BDE6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BDEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BC00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BC0E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91015000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91020000 \SystemRoot\system32\drivers\afd.sys
0x9107A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x910AC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x910B3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x910D2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x910E3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x910F1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91104000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91114000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9111A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9115B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91165000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9116F000 \SystemRoot\System32\drivers\discache.sys
0x9117B000 \SystemRoot\System32\Drivers\dfsc.sys
0x91193000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x911A1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x911C7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x911E8000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x91638000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x9241D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x91664000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92999000 \SystemRoot\System32\drivers\dxgmms1.sys
0x929D2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9171B000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x91757000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x929F1000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x91783000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x92400000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x92406000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x917CE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x917E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x917F3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91600000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91612000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9162A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92A2B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92A4D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92A65000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92A7C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92A93000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92AA0000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92AA2000 \SystemRoot\system32\DRIVERS\ks.sys
0x92AD6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92AE4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92B28000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92B46000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x92B64000 \SystemRoot\system32\drivers\portcls.sys
0x92B93000 \SystemRoot\system32\drivers\drmk.sys
0x99405000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9C230000 \SystemRoot\System32\win32k.sys
0x996F1000 \SystemRoot\System32\drivers\Dxapi.sys
0x996FB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x99708000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x99712000 \SystemRoot\System32\Drivers\dump_amdsata.sys
0x99723000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x99734000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x9974B000 \SystemRoot\system32\drivers\USBD.SYS
0x9974D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99758000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x99763000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x99776000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x81E2D000 \SystemRoot\system32\DRIVERS\RTL8192su.sys
0x81ED2000 \SystemRoot\System32\drivers\vwifibus.sys
0x81EDC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9C490000 \SystemRoot\System32\TSDDD.dll
0x9C4C0000 \SystemRoot\System32\cdd.dll
0x81EE7000 \SystemRoot\system32\drivers\luafv.sys
0x81F02000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x81F17000 \SystemRoot\system32\drivers\WudfPf.sys
0x81F31000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81F41000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81F87000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81F97000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81FAA000 \SystemRoot\System32\Drivers\fastfat.SYS
0x99228000 \SystemRoot\system32\drivers\HTTP.sys
0x992AD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x992C6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x992D8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x992FB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99336000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99369000 \SystemRoot\system32\drivers\peauth.sys
0x99200000 \SystemRoot\System32\Drivers\secdrv.SYS
0x81FD4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9920A000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9977D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x92BAC000 \SystemRoot\System32\DRIVERS\srv.sys
0x81E00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x76DC0000 \Windows\System32\ntdll.dll
0x47C40000 \Windows\System32\smss.exe
0x77000000 \Windows\System32\apisetschema.dll
0x00630000 \Windows\System32\autochk.exe
0x76F90000 \Windows\System32\shlwapi.dll
0x76D10000 \Windows\System32\msvcrt.dll
0x76C40000 \Windows\System32\msctf.dll
0x76F70000 \Windows\System32\sechost.dll
0x76F40000 \Windows\System32\imagehlp.dll
0x76F30000 \Windows\System32\normaliz.dll
0x76A40000 \Windows\System32\iertutil.dll
0x769A0000 \Windows\System32\advapi32.dll
0x768A0000 \Windows\System32\wininet.dll
0x76F20000 \Windows\System32\lpk.dll
0x76700000 \Windows\System32\setupapi.dll
0x76650000 \Windows\System32\rpcrt4.dll
0x765C0000 \Windows\System32\clbcatq.dll
0x76580000 \Windows\System32\ws2_32.dll
0x76530000 \Windows\System32\Wldap32.dll
0x76F10000 \Windows\System32\psapi.dll
0x764B0000 \Windows\System32\comdlg32.dll
0x76410000 \Windows\System32\usp10.dll
0x76F00000 \Windows\System32\nsi.dll
0x763B0000 \Windows\System32\difxapi.dll
0x75760000 \Windows\System32\shell32.dll
0x75620000 \Windows\System32\urlmon.dll
0x75600000 \Windows\System32\imm32.dll
0x75530000 \Windows\System32\user32.dll
0x754A0000 \Windows\System32\oleaut32.dll
0x753C0000 \Windows\System32\kernel32.dll
0x75260000 \Windows\System32\ole32.dll
0x75210000 \Windows\System32\gdi32.dll
0x751E0000 \Windows\System32\wintrust.dll
0x750C0000 \Windows\System32\crypt32.dll
0x75030000 \Windows\System32\comctl32.dll
0x74FE0000 \Windows\System32\KernelBase.dll
0x74FB0000 \Windows\System32\cfgmgr32.dll
0x74F90000 \Windows\System32\devobj.dll
0x74F80000 \Windows\System32\msasn1.dll

Processes (total 59):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
412 csrss.exe
484 C:\Windows\System32\wininit.exe
492 csrss.exe
532 C:\Windows\System32\services.exe
556 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\lsm.exe
620 C:\Windows\System32\winlogon.exe
712 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\atiesrxx.exe
952 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\atieclxx.exe
1340 C:\Windows\System32\svchost.exe
1552 C:\Windows\System32\spoolsv.exe
1580 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1600 C:\Windows\System32\svchost.exe
1712 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1756 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
1792 C:\Windows\System32\svchost.exe
1824 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
1848 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1856 C:\Windows\System32\conhost.exe
1948 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
1988 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
308 C:\Windows\System32\svchost.exe
480 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2184 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2380 C:\Windows\System32\SearchIndexer.exe
2480 WUDFHost.exe
2724 C:\Windows\System32\taskhost.exe
2844 C:\Windows\System32\dwm.exe
2896 C:\Windows\explorer.exe
3168 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
3200 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3208 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3224 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3340 D:\Samsung\EmoDio\SMSTray.exe
3428 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
3436 C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
3476 C:\Program Files\Labtec\WebCam10\WebCam10.exe
3512 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3524 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3556 C:\Program Files\Windows Sidebar\sidebar.exe
3592 C:\Program Files\ICQ7.2\ICQ.exe
3920 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3368 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2988 C:\Windows\System32\svchost.exe
3600 C:\Program Files\Windows Media Player\wmpnetwk.exe
4576 C:\Windows\System32\svchost.exe
5792 C:\Windows\System32\audiodg.exe
1616 F:\MBRCheck.exe



Hope it's complete now
