Hallo,

auch mich hat heute der Trojaner 'TR/Kazy.mekml.1' erwischt. Antivir gab Wahrnmeldung und verweigerte den Zugriff. Ebenso gab es eine Wahrnung wegen dem Trojaner 'TR/ATRAPS.Gen2', auch hier wurde der Zugriff verweigert. Zusätzlich kamen auch die Wahrnmeldungen wegen eines Festplattenfehlers.
Der PC zeigt die bekannten Symptome: Auf dem Desktop zwischengespeicherte Dateien und Dateilinks sind verschwunden, ebenso das Hintergrundbild. Programmlinks sind auf dem Desktop vorhanden. Die Icons auf der Schnellstartleiste sind auch verschwunden. Ansonsten sind die auf den Festplattenpartitionen C: und D: gespeicherten Dateien vorhanden und sichtbar.
Habe nach der Lektüre hier im Forum folgende Aktionen durchgeführt:
1. AntiVir - Suchlauf: keine Funde
2. Malwarebytes installiert und durchlaufen lassen: 3 Funde, erfolgreich gelöscht, PC neugestartet
3. OTL Scan durchgeführt
Die Log-Dateien von Malewarebytes und OTL hänge ich mit an.

Und nun komme ich nicht weiter, vermute, ich brauche einen FIX für OTL und hoffe auf Eure Hilfe.

Vielen Dank schon mal an dieser Stelle.

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Hallo Arne,

danke das du dich meiner annimmst. Leider sind keine weiteren Logs von Malewarebytes vorhanden. Ich habe mir das Programm erst nach der Lektüre in eurem Forum auf den Rechner geladen.

Viele Grüße

Mandy

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c59c7a2-bf16-11df-8efb-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{0c59c7a2-bf16-11df-8efb-001e101f8ed0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1b01ca0d-9e02-11dd-8708-8c33b0778705}\Shell\AutoRun\command - "" = E:\EmDesk.exe
O33 - MountPoints2\{1b01ca0d-9e02-11dd-8708-8c33b0778705}\Shell\EmDesk\command - "" = E:\EmDesk.exe
O33 - MountPoints2\{480c7862-df5b-11de-a755-9ad5a70ede4d}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{80de8624-f655-11dc-8ed8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{80de8624-f655-11dc-8ed8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\shelexec.exe .\start.html
O33 - MountPoints2\{9577feb0-e65f-11de-8dc5-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{9577feb0-e65f-11de-8dc5-001e101f3315}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ab9d0cc3-09ca-11df-93f2-9bb207d53cb7}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{de73d400-d20a-11de-8fc2-89d2216bab26}\Shell - "" = AutoRun
O33 - MountPoints2\{de73d400-d20a-11de-8fc2-89d2216bab26}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{de73d403-d20a-11de-8fc2-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{de73d403-d20a-11de-8fc2-001e101f9843}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e5c1e28b-ddb1-11de-b809-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{e5c1e28b-ddb1-11de-b809-001e101fb45e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hallo Arne,

OTL-Fix ist gelaufen. Hier die Datei.

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c59c7a2-bf16-11df-8efb-001e101f8ed0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c59c7a2-bf16-11df-8efb-001e101f8ed0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c59c7a2-bf16-11df-8efb-001e101f8ed0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c59c7a2-bf16-11df-8efb-001e101f8ed0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b01ca0d-9e02-11dd-8708-8c33b0778705}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b01ca0d-9e02-11dd-8708-8c33b0778705}\ not found.
File E:\EmDesk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b01ca0d-9e02-11dd-8708-8c33b0778705}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b01ca0d-9e02-11dd-8708-8c33b0778705}\ not found.
File E:\EmDesk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480c7862-df5b-11de-a755-9ad5a70ede4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480c7862-df5b-11de-a755-9ad5a70ede4d}\ not found.
File E:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80de8624-f655-11dc-8ed8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80de8624-f655-11dc-8ed8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80de8624-f655-11dc-8ed8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80de8624-f655-11dc-8ed8-806e6f6e6963}\ not found.
File F:\shelexec.exe .\start.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9577feb0-e65f-11de-8dc5-001e101f3315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9577feb0-e65f-11de-8dc5-001e101f3315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9577feb0-e65f-11de-8dc5-001e101f3315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9577feb0-e65f-11de-8dc5-001e101f3315}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab9d0cc3-09ca-11df-93f2-9bb207d53cb7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab9d0cc3-09ca-11df-93f2-9bb207d53cb7}\ not found.
File E:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de73d400-d20a-11de-8fc2-89d2216bab26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de73d400-d20a-11de-8fc2-89d2216bab26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de73d400-d20a-11de-8fc2-89d2216bab26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de73d400-d20a-11de-8fc2-89d2216bab26}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de73d403-d20a-11de-8fc2-001e101f9843}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de73d403-d20a-11de-8fc2-001e101f9843}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de73d403-d20a-11de-8fc2-001e101f9843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de73d403-d20a-11de-8fc2-001e101f9843}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5c1e28b-ddb1-11de-b809-001e101fb45e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5c1e28b-ddb1-11de-b809-001e101fb45e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5c1e28b-ddb1-11de-b809-001e101fb45e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5c1e28b-ddb1-11de-b809-001e101fb45e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
         

Denkst du, wir bekommen das Ganze soweit wieder hin, dass z.B. auch Onlinebanking wieder möglich ist. Passwörter und Co. habe ich gleich nach der Infektion geändert und bin auch seitdem mit diesem Rechner nicht wieder im Banking gewesen.

Danke und viele Grüße

Mandy

Onlinebanking immer auf eigenes Risiko!

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Hallo Arne,

Kasperski hat nichts gefunden. Hier der Log:

Code: Alles auswählenAufklappen

ATTFilter

2011/04/28 17:12:00.0262 3972	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 17:12:00.0340 3972	================================================================================
2011/04/28 17:12:00.0340 3972	SystemInfo:
2011/04/28 17:12:00.0340 3972	
2011/04/28 17:12:00.0340 3972	OS Version: 6.0.6002 ServicePack: 2.0
2011/04/28 17:12:00.0340 3972	Product type: Workstation
2011/04/28 17:12:00.0340 3972	ComputerName: MANDY-LAPTOP
2011/04/28 17:12:00.0340 3972	UserName: Mandy
2011/04/28 17:12:00.0340 3972	Windows directory: C:\Windows
2011/04/28 17:12:00.0340 3972	System windows directory: C:\Windows
2011/04/28 17:12:00.0340 3972	Processor architecture: Intel x86
2011/04/28 17:12:00.0340 3972	Number of processors: 2
2011/04/28 17:12:00.0340 3972	Page size: 0x1000
2011/04/28 17:12:00.0340 3972	Boot type: Normal boot
2011/04/28 17:12:00.0340 3972	================================================================================
2011/04/28 17:12:00.0933 3972	Initialize success
2011/04/28 17:12:09.0123 5536	================================================================================
2011/04/28 17:12:09.0123 5536	Scan started
2011/04/28 17:12:09.0123 5536	Mode: Manual; 
2011/04/28 17:12:09.0123 5536	================================================================================
2011/04/28 17:12:09.0794 5536	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/28 17:12:09.0918 5536	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/28 17:12:10.0012 5536	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/28 17:12:10.0074 5536	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/28 17:12:10.0121 5536	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/28 17:12:10.0230 5536	AF15BDA         (e3f08935158038d385ad382442f4bb2d) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/28 17:12:10.0371 5536	Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2011/04/28 17:12:10.0464 5536	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/28 17:12:10.0574 5536	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/28 17:12:10.0652 5536	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/28 17:12:10.0730 5536	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/28 17:12:10.0776 5536	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/28 17:12:10.0808 5536	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/28 17:12:10.0854 5536	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/28 17:12:10.0870 5536	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/28 17:12:10.0995 5536	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/28 17:12:11.0057 5536	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/28 17:12:11.0104 5536	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/28 17:12:11.0151 5536	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/28 17:12:11.0260 5536	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/28 17:12:11.0385 5536	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/28 17:12:11.0463 5536	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/28 17:12:11.0510 5536	b57nd60x        (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/28 17:12:11.0572 5536	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/28 17:12:11.0619 5536	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/28 17:12:11.0697 5536	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/28 17:12:11.0744 5536	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/28 17:12:11.0790 5536	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/28 17:12:11.0853 5536	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/28 17:12:11.0900 5536	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/28 17:12:11.0946 5536	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/28 17:12:11.0978 5536	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/28 17:12:12.0056 5536	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/28 17:12:12.0118 5536	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/28 17:12:12.0165 5536	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/28 17:12:12.0243 5536	BthPort         (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/04/28 17:12:12.0321 5536	BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/28 17:12:12.0383 5536	btwaudio        (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
2011/04/28 17:12:12.0446 5536	btwavdt         (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
2011/04/28 17:12:12.0508 5536	btwrchid        (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/28 17:12:12.0555 5536	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/28 17:12:12.0648 5536	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/28 17:12:12.0695 5536	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/28 17:12:12.0742 5536	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/28 17:12:12.0851 5536	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/28 17:12:12.0882 5536	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/28 17:12:12.0929 5536	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/28 17:12:12.0976 5536	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/28 17:12:13.0007 5536	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/28 17:12:13.0116 5536	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/28 17:12:13.0179 5536	DgiVecp         (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
2011/04/28 17:12:13.0272 5536	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/28 17:12:13.0335 5536	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/04/28 17:12:13.0444 5536	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/28 17:12:13.0506 5536	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/28 17:12:13.0600 5536	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/28 17:12:13.0709 5536	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/28 17:12:13.0803 5536	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/28 17:12:13.0881 5536	EMP_MAP         (677194565c990a89cb7dff609e98495e) C:\Windows\system32\DRIVERS\EMP_Map.sys
2011/04/28 17:12:13.0912 5536	EMP_Mirr        (002f9d4c022ebc48c549c2148af1d827) C:\Windows\system32\DRIVERS\EMP_Mirr.sys
2011/04/28 17:12:13.0990 5536	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/28 17:12:14.0099 5536	ewusbnet        (82e7eb9f12321052cd9a904b13724ee2) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/04/28 17:12:14.0177 5536	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/28 17:12:14.0224 5536	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/28 17:12:14.0271 5536	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/28 17:12:14.0333 5536	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/28 17:12:14.0380 5536	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/28 17:12:14.0427 5536	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/28 17:12:14.0474 5536	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/28 17:12:14.0567 5536	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/28 17:12:14.0598 5536	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/28 17:12:14.0645 5536	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/28 17:12:14.0708 5536	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/28 17:12:14.0754 5536	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/28 17:12:14.0786 5536	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/28 17:12:14.0848 5536	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/28 17:12:14.0895 5536	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/28 17:12:14.0957 5536	HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
2011/04/28 17:12:15.0066 5536	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/28 17:12:15.0129 5536	HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/04/28 17:12:15.0269 5536	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/28 17:12:15.0378 5536	hwdatacard      (348c3a9d01e68a0222a246346924aa55) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/28 17:12:15.0441 5536	hwusbdev        (460b1945c3e6b0419a76e1b507b90b71) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/04/28 17:12:15.0503 5536	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/28 17:12:15.0566 5536	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/28 17:12:15.0612 5536	iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/28 17:12:15.0659 5536	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/28 17:12:15.0737 5536	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/28 17:12:15.0862 5536	int15           (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/04/28 17:12:15.0940 5536	IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/28 17:12:16.0018 5536	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/28 17:12:16.0049 5536	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/28 17:12:16.0112 5536	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/28 17:12:16.0174 5536	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/28 17:12:16.0221 5536	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/28 17:12:16.0252 5536	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/28 17:12:16.0299 5536	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/28 17:12:16.0361 5536	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/28 17:12:16.0408 5536	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/28 17:12:16.0439 5536	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/28 17:12:16.0517 5536	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/28 17:12:16.0580 5536	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/28 17:12:16.0642 5536	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/28 17:12:16.0736 5536	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/28 17:12:16.0798 5536	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/28 17:12:16.0829 5536	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/28 17:12:16.0876 5536	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/28 17:12:16.0923 5536	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/28 17:12:17.0001 5536	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/28 17:12:17.0032 5536	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/28 17:12:17.0110 5536	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/28 17:12:17.0141 5536	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/28 17:12:17.0188 5536	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/28 17:12:17.0219 5536	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/28 17:12:17.0250 5536	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/28 17:12:17.0297 5536	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/28 17:12:17.0344 5536	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/28 17:12:17.0391 5536	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/28 17:12:17.0438 5536	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/28 17:12:17.0500 5536	mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/28 17:12:17.0547 5536	mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/28 17:12:17.0609 5536	mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/28 17:12:17.0672 5536	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/28 17:12:17.0703 5536	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/28 17:12:17.0781 5536	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/28 17:12:17.0828 5536	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/28 17:12:17.0890 5536	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/28 17:12:17.0921 5536	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/28 17:12:17.0968 5536	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/28 17:12:18.0030 5536	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/28 17:12:18.0077 5536	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/28 17:12:18.0124 5536	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/28 17:12:18.0155 5536	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/28 17:12:18.0218 5536	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/28 17:12:18.0296 5536	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/28 17:12:18.0342 5536	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/28 17:12:18.0374 5536	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/28 17:12:18.0452 5536	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/28 17:12:18.0498 5536	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/28 17:12:18.0545 5536	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/28 17:12:18.0592 5536	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/28 17:12:18.0748 5536	NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/04/28 17:12:18.0920 5536	NETw4v32        (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/28 17:12:19.0013 5536	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/28 17:12:19.0091 5536	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/28 17:12:19.0122 5536	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/28 17:12:19.0200 5536	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/28 17:12:19.0263 5536	NTIDrvr         (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/04/28 17:12:19.0294 5536	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/28 17:12:19.0325 5536	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/28 17:12:19.0575 5536	nvlddmkm        (fd0ee4fa45ff58f6c9932b4265a83ba4) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/28 17:12:19.0809 5536	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/28 17:12:19.0856 5536	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/28 17:12:19.0887 5536	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/28 17:12:20.0012 5536	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/28 17:12:20.0105 5536	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/28 17:12:20.0136 5536	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/28 17:12:20.0183 5536	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/28 17:12:20.0261 5536	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/28 17:12:20.0308 5536	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/28 17:12:20.0339 5536	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/28 17:12:20.0417 5536	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/28 17:12:20.0589 5536	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/28 17:12:20.0620 5536	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/28 17:12:20.0698 5536	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/28 17:12:20.0776 5536	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/28 17:12:20.0854 5536	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/28 17:12:20.0932 5536	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/28 17:12:20.0979 5536	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/28 17:12:21.0010 5536	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/28 17:12:21.0057 5536	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/28 17:12:21.0119 5536	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/28 17:12:21.0150 5536	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/28 17:12:21.0197 5536	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/28 17:12:21.0244 5536	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/28 17:12:21.0291 5536	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/28 17:12:21.0322 5536	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/28 17:12:21.0384 5536	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/28 17:12:21.0478 5536	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/28 17:12:21.0540 5536	rimmptsk        (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/04/28 17:12:21.0587 5536	rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/04/28 17:12:21.0681 5536	RimVSerPort     (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/04/28 17:12:21.0728 5536	rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/04/28 17:12:21.0759 5536	ROOTMODEM       (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/28 17:12:21.0821 5536	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/28 17:12:21.0884 5536	s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/04/28 17:12:21.0930 5536	s0016mdfl       (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/04/28 17:12:21.0993 5536	s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/04/28 17:12:22.0040 5536	s0016mgmt       (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/04/28 17:12:22.0102 5536	s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/04/28 17:12:22.0180 5536	s0016obex       (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/04/28 17:12:22.0227 5536	s0016unic       (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/04/28 17:12:22.0305 5536	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/28 17:12:22.0414 5536	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/28 17:12:22.0492 5536	SE27bus         (59a9eb4073a39895af314780d0a032fa) C:\Windows\system32\DRIVERS\SE27bus.sys
2011/04/28 17:12:22.0523 5536	SE27mdfl        (d53e7e53107d1796825540129f8fe89f) C:\Windows\system32\DRIVERS\SE27mdfl.sys
2011/04/28 17:12:22.0570 5536	SE27mdm         (2afa2f65a6e91da5b5070e734769827e) C:\Windows\system32\DRIVERS\SE27mdm.sys
2011/04/28 17:12:22.0632 5536	SE27mgmt        (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\Windows\system32\DRIVERS\SE27mgmt.sys
2011/04/28 17:12:22.0695 5536	se27nd5         (bb30139683bbf3ee89ec931393d9335c) C:\Windows\system32\DRIVERS\se27nd5.sys
2011/04/28 17:12:22.0757 5536	SE27obex        (5da6ff71e94b9134ddd094ebb09f05e6) C:\Windows\system32\DRIVERS\SE27obex.sys
2011/04/28 17:12:22.0804 5536	se27unic        (4d54a9d7c22157ab3d2442e8bcf5ecd2) C:\Windows\system32\DRIVERS\se27unic.sys
2011/04/28 17:12:22.0866 5536	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/28 17:12:22.0929 5536	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/28 17:12:22.0976 5536	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/28 17:12:23.0007 5536	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/28 17:12:23.0069 5536	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/28 17:12:23.0147 5536	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/28 17:12:23.0194 5536	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/28 17:12:23.0256 5536	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/28 17:12:23.0303 5536	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/28 17:12:23.0366 5536	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/28 17:12:23.0412 5536	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/28 17:12:23.0444 5536	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/28 17:12:23.0522 5536	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/28 17:12:23.0678 5536	SNP2UVC         (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/04/28 17:12:23.0756 5536	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/28 17:12:23.0818 5536	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/28 17:12:23.0865 5536	srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/28 17:12:23.0927 5536	srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/28 17:12:24.0005 5536	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/28 17:12:24.0052 5536	SSPORT          (5f77725ec309de1242d8efc8e9259a9f) C:\Windows\system32\Drivers\SSPORT.sys
2011/04/28 17:12:24.0130 5536	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/28 17:12:24.0192 5536	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/28 17:12:24.0224 5536	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/28 17:12:24.0270 5536	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/28 17:12:24.0364 5536	SynTP           (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/28 17:12:24.0489 5536	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/28 17:12:24.0567 5536	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/28 17:12:24.0629 5536	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/28 17:12:24.0692 5536	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/28 17:12:24.0723 5536	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/28 17:12:24.0770 5536	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/28 17:12:24.0816 5536	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/28 17:12:24.0910 5536	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/28 17:12:24.0957 5536	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/28 17:12:25.0004 5536	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/28 17:12:25.0050 5536	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/28 17:12:25.0113 5536	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/28 17:12:25.0191 5536	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/28 17:12:25.0238 5536	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/28 17:12:25.0284 5536	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/28 17:12:25.0331 5536	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/28 17:12:25.0378 5536	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/28 17:12:25.0472 5536	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/28 17:12:25.0518 5536	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/28 17:12:25.0565 5536	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/28 17:12:25.0628 5536	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/28 17:12:25.0690 5536	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/28 17:12:25.0737 5536	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/28 17:12:25.0784 5536	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/28 17:12:25.0830 5536	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/28 17:12:25.0877 5536	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/28 17:12:25.0924 5536	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/28 17:12:25.0986 5536	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/28 17:12:26.0018 5536	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/28 17:12:26.0049 5536	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/28 17:12:26.0080 5536	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/28 17:12:26.0127 5536	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/28 17:12:26.0158 5536	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/28 17:12:26.0220 5536	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/28 17:12:26.0267 5536	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/28 17:12:26.0314 5536	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/28 17:12:26.0376 5536	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/28 17:12:26.0439 5536	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 17:12:26.0470 5536	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 17:12:26.0532 5536	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/28 17:12:26.0595 5536	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/28 17:12:26.0735 5536	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/04/28 17:12:26.0798 5536	winbondcir      (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
2011/04/28 17:12:26.0907 5536	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/28 17:12:27.0032 5536	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/28 17:12:27.0094 5536	WSVD            (2584df81cc9f7e7bd3545691106f8cae) C:\Windows\system32\drivers\WSVD.sys
2011/04/28 17:12:27.0172 5536	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/28 17:12:27.0312 5536	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
2011/04/28 17:12:27.0453 5536	================================================================================
2011/04/28 17:12:27.0453 5536	Scan finished
2011/04/28 17:12:27.0453 5536	================================================================================
         

Lasse jetzt mal noch unhide laufen, um die paar Desktop Dateien wieder sichtbar zu machen. Soviel war bei mir ja zum Glück nicht weg.


Mandy

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Halllo Arne,

also Combofix ist durch. Hier der Inhalt der .txt:

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-04-28.01 - Mandy 28.04.2011  20:14:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1942 [GMT 2:00]
ausgeführt von:: c:\users\Mandy\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mandy\AppData\Roaming\.#
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-28 bis 2011-04-28  ))))))))))))))))))))))))))))))
.
.
2011-04-28 18:20 . 2011-04-28 18:20	--------	d-----w-	c:\users\Mandy\AppData\Local\temp
2011-04-28 18:20 . 2011-04-28 18:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-28 14:13 . 2011-04-28 14:13	--------	d-----w-	C:\_OTL
2011-04-26 15:12 . 2011-04-26 15:12	--------	d-----w-	c:\users\Mandy\AppData\Roaming\Malwarebytes
2011-04-26 15:11 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 15:11 . 2011-04-26 15:11	--------	d-----w-	c:\progra~2\Malwarebytes
2011-04-26 15:11 . 2011-04-26 16:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-26 15:11 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-26 12:46 . 2011-04-11 07:04	7071056	----a-w-	c:\progra~2\Microsoft\Windows Defender\Definition Updates\{2EC6F0E7-FF68-4B50-B77E-13B3015E995C}\mpengine.dll
2011-04-20 18:21 . 2011-04-20 18:21	--------	d-----w-	c:\users\Mandy\AppData\Local\Research In Motion
2011-04-20 18:12 . 2011-04-20 18:12	--------	d-----w-	c:\progra~2\Research In Motion
2011-04-18 16:11 . 2011-03-10 17:03	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-18 16:11 . 2011-03-10 17:03	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-04-18 16:11 . 2011-02-18 14:03	305152	----a-w-	c:\windows\system32\drivers\srv.sys
2011-04-18 16:11 . 2011-02-18 14:03	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-04-18 16:11 . 2011-02-18 14:03	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-04-18 16:11 . 2011-02-22 13:24	213504	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-18 16:11 . 2011-02-22 13:24	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-18 16:11 . 2011-02-22 13:23	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-18 16:11 . 2011-02-22 13:23	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-18 16:11 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-18 16:11 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-18 16:08 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 19:23 . 2009-04-17 18:10	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-22 14:13 . 2011-03-27 11:58	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-27 11:58	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-27 11:58	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-02 16:11 . 2009-10-03 11:38	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-30 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-30 81920]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-03 202256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-18 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 EMP_MAP;EPSON Network Presentation Driver Service;c:\windows\system32\DRIVERS\EMP_Map.sys [2007-02-20 6400]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
R3 EMP_Mirr;EMP_Mirr;c:\windows\system32\DRIVERS\EMP_Mirr.sys [2007-02-20 6272]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-22 112128]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-24 41456]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-22 5120]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-eRecoveryService - (no file)
HKLM_ActiveSetup-{1B33999E-D695-4268-B13A-00354345D5D2} - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-28 20:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5664)
c:\windows\system32\btmmhook.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Zeit der Fertigstellung: 2011-04-28  20:22:26
ComboFix-quarantined-files.txt  2011-04-28 18:22
.
Vor Suchlauf: 17 Verzeichnis(se), 53.096.329.216 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 53.019.107.328 Bytes frei
.
- - End Of File - - AEAEE65BE47B5A12AD572F62915D3195
         

--- --- ---

Allerdings tut sich mein Rechner nun etwas schwer mit dem Ergebnis. Internet Explorer braucht sehr lange zum öffnen und zum Aufbau der Seiten. Auch das Windows Startmenü hängt immer mal beim Schließen bzw. wegklicken. Vor dem ComboFix lief alles problemlos. Schau dir das log am besten mal an, vielleicht siehst du ja dann, was los ist.

Viele Grüße
Mandy

Hallo Arne,

hab gerade den Rechner noch mal neu gestartet und nun scheint er sich wieder normalisiert zu haben. Im Moment läuft der IE und auch das Startmenü wieder flüssig. Wollte ich dir nur schnell noch mitteilen, bevor du dich in die Lektüre des logs vertiefst

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

• Doppelklick auf die MBRCheck.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Das Tool braucht nur wenige Sekunden.
• Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Hallo Arne,

so geschafft. Hier die Logs:

1. GMER
GMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-28 23:03:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: tlgrbv1h.exe; Driver: C:\Users\Mandy\AppData\Local\Temp\fwdyipod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8EC09360, 0x35BB38, 0xE8000020]
                C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                               entry point in "" section [0xA3BAC000]
.clc            C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                               unknown last section [0xA3BAD000, 0x1000, 0x00000000]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73E07817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [73E5A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [73E0BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [73DFF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [73E075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73DFE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73E38395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [73E0DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [73DFFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73DFFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [73DF71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [73E8CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73E2C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [73DFD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [73DF6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73DF687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [73E02AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd19665                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd19665@f40b931ffb57             0xC2 0x52 0x8B 0xA2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd19665@002345af7977             0x58 0x72 0x51 0xEE ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001e4cd19665 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001e4cd19665@f40b931ffb57                 0xC2 0x52 0x8B 0xA2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001e4cd19665@002345af7977                 0x58 0x72 0x51 0xEE ...

---- EOF - GMER 1.0.15 ----
         

--- --- ---

2. OSAM

OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:18:21 on 28.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BlackBerry-Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\Mandy\AppData\Local\Temp\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"EMP_Mirr" (EMP_Mirr) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\DRIVERS\EMP_Mirr.sys
"EPSON Network Presentation Driver Service" (EMP_MAP) - ? - C:\Windows\System32\DRIVERS\EMP_Map.sys  (File found, but it contains no detailed information)
"fwdyipod" (fwdyipod) - ? - C:\Users\Mandy\AppData\Local\Temp\fwdyipod.sys  (Hidden registry entry, rootkit activity | File not found)
"HSXHWAZL" (HSXHWAZL) - ? - C:\Windows\System32\DRIVERS\HSXHWAZL.sys  (File not found)
"int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"mdmxsdk" (mdmxsdk) - ? - C:\Windows\System32\DRIVERS\mdmxsdk.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Sony Ericsson Device 0016 driver (WDM)" (s0016bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016bus.sys
"Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)" (s0016nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016nd5.sys
"Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)" (s0016unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016unic.sys
"Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)" (s0016mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mgmt.sys
"Sony Ericsson Device 0016 USB WMC Modem Driver" (s0016mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdm.sys
"Sony Ericsson Device 0016 USB WMC Modem Filter" (s0016mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdfl.sys
"Sony Ericsson Device 0016 USB WMC OBEX Interface" (s0016obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016obex.sys
"Sony Ericsson Device 039 Driver driver (WDM)" (SE27bus) - "MCCI" - C:\Windows\System32\DRIVERS\SE27bus.sys
"Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)" (se27nd5) - "MCCI" - C:\Windows\System32\DRIVERS\se27nd5.sys
"Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)" (se27unic) - "MCCI" - C:\Windows\System32\DRIVERS\se27unic.sys
"Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)" (SE27mgmt) - "MCCI" - C:\Windows\System32\DRIVERS\SE27mgmt.sys
"Sony Ericsson Device 039 USB WMC Modem Driver" (SE27mdm) - "MCCI" - C:\Windows\System32\DRIVERS\SE27mdm.sys
"Sony Ericsson Device 039 USB WMC Modem Filter" (SE27mdfl) - "MCCI" - C:\Windows\System32\DRIVERS\SE27mdfl.sys
"Sony Ericsson Device 039 USB WMC OBEX Interface" (SE27obex) - "MCCI" - C:\Windows\System32\DRIVERS\SE27obex.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"WSVD" (WSVD) - "Wasay" - C:\Windows\system32\drivers\WSVD.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\IEAWSDC.DLL / hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? -   (File not found | COM-object registry key not found)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" - ? -   (File not found | COM-object registry key not found)
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Raw Socket Service" (RS_Service) - "Acer Inc." - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"Symantec Core LC" (Symantec Core LC) - ? - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit 

hxxp://forum.online-solutions.ru
         

3. MBRCheck

Code: Alles auswählenAufklappen

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Acer, Inc.
BIOS Manufacturer:		Acer
System Manufacturer:		Acer, inc.
System Product Name:		Aspire 5920G
Logical Drives Mask:		0x0000002c

Kernel Drivers (total 166):
  0x8263E000 \SystemRoot\system32\ntkrnlpa.exe
  0x8260B000 \SystemRoot\system32\hal.dll
  0x80600000 \SystemRoot\system32\kdcom.dll
  0x80607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80677000 \SystemRoot\system32\PSHED.dll
  0x80688000 \SystemRoot\system32\BOOTVID.dll
  0x80690000 \SystemRoot\system32\CLFS.SYS
  0x806D1000 \SystemRoot\system32\CI.dll
  0x8A601000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8A67D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8A68A000 \SystemRoot\system32\drivers\acpi.sys
  0x8A6D0000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8A6D9000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8A6E1000 \SystemRoot\system32\drivers\pci.sys
  0x8A708000 \SystemRoot\System32\drivers\partmgr.sys
  0x8A717000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8A71A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A724000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A733000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A77D000 \SystemRoot\system32\drivers\intelide.sys
  0x8A784000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8A792000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A800000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A8C8000 \SystemRoot\system32\drivers\atapi.sys
  0x8A8D0000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A8EE000 \SystemRoot\system32\drivers\msahci.sys
  0x8A8F8000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A92A000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A93A000 \SystemRoot\system32\Drivers\PxHelp20.sys
  0x8A944000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AA0B000 \SystemRoot\system32\drivers\ndis.sys
  0x8AB16000 \SystemRoot\system32\drivers\msrpc.sys
  0x8AB41000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AC03000 \SystemRoot\System32\drivers\tcpip.sys
  0x8ACED000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8AE0B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AF1B000 \SystemRoot\system32\drivers\volsnap.sys
  0x8AF54000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AF5C000 \SystemRoot\System32\Drivers\mup.sys
  0x8AF6B000 \SystemRoot\System32\drivers\ecache.sys
  0x8AF92000 \SystemRoot\system32\drivers\disk.sys
  0x8AFA3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8AFC4000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8AFDA000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8AFE5000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8AFEE000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8EC09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8F350000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F3F0000 \SystemRoot\System32\drivers\watchdog.sys
  0x8AE00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8AB7C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8ADD0000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8F402000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F606000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
  0x8F864000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8F874000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8F882000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x8F89C000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
  0x8F8AD000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
  0x8F8C1000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x8F913000 \SystemRoot\system32\DRIVERS\winbondcir.sys
  0x8F928000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F93B000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8F945000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F950000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8F97E000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F980000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F98B000 \SystemRoot\system32\drivers\Afc.sys
  0x8F993000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F9AB000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8F9AD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8F9B1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8F9BA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F48F000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F9E9000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F9F4000 \SystemRoot\System32\Drivers\RootMdm.sys
  0x8F4D0000 \SystemRoot\system32\drivers\modem.sys
  0x8F4DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F4F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8F4FF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F522000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F531000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8F545000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8F55A000 \SystemRoot\system32\DRIVERS\RimSerial.sys
  0x8F561000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F600000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x8F9FC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F571000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F59B000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8F5A9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8F5B3000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F5C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8ADDF000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8FC08000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8ABBA000 \SystemRoot\system32\drivers\portcls.sys
  0x8A9B5000 \SystemRoot\system32\drivers\drmk.sys
  0x8A7A2000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
  0x8FE01000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
  0x8FF05000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
  0x8FFB8000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8FFC3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8FFD3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8FFDA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x90000000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
  0x901A7000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x901B4000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
  0x901BB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x901C4000 \SystemRoot\System32\Drivers\Null.SYS
  0x901CB000 \SystemRoot\System32\Drivers\Beep.SYS
  0x901D2000 \SystemRoot\System32\drivers\vga.sys
  0x901DE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8FFE3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8FFEB000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8FFF3000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8FDE3000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8FDF1000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8ABE7000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8A9DA000 \SystemRoot\system32\DRIVERS\smb.sys
  0x807B1000 \SystemRoot\system32\drivers\afd.sys
  0x9260A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x9263C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92652000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92660000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92673000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x92679000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x926B5000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x926C1000 \SystemRoot\System32\Drivers\dfsc.sys
  0x926D8000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x926FE000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x92700000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x92717000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x92720000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x92728000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x92735000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x9BA50000 \SystemRoot\System32\win32k.sys
  0x92600000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8ADF0000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9BC70000 \SystemRoot\System32\TSDDD.dll
  0x9BC90000 \SystemRoot\System32\cdd.dll
  0x8AD08000 \SystemRoot\system32\drivers\luafv.sys
  0x8AD23000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA1E04000 \SystemRoot\system32\drivers\spsys.sys
  0xA1EB4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA1EC4000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA1EEE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA1EF8000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA1F0B000 \SystemRoot\system32\drivers\HTTP.sys
  0xA1F78000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA1F95000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA1FAE000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA1FC3000 \SystemRoot\system32\drivers\mrxdav.sys
  0x8AD38000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8AD57000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA1FE4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x8AD90000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3A03000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA3A79000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA3A8F000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xA3A96000 \SystemRoot\system32\drivers\peauth.sys
  0xA3B74000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA3B7E000 \??\C:\Windows\system32\Drivers\SSPORT.sys
  0xA3B85000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA3B91000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
  0xA3BAE000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xA3BB7000 \??\C:\Users\Mandy\AppData\Local\Temp\fwdyipod.sys
  0x77220000 \Windows\System32\ntdll.dll

Processes (total 84):
       0 System Idle Process
       4 System
     484 C:\Windows\System32\smss.exe
     616 csrss.exe
     668 C:\Windows\System32\wininit.exe
     680 csrss.exe
     712 C:\Windows\System32\services.exe
     724 C:\Windows\System32\lsass.exe
     732 C:\Windows\System32\lsm.exe
     888 C:\Windows\System32\svchost.exe
     896 C:\Windows\System32\winlogon.exe
     988 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\audiodg.exe
    1280 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\SLsvc.exe
    1340 C:\Windows\System32\svchost.exe
    1444 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\spoolsv.exe
    1784 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1796 C:\Windows\System32\svchost.exe
     340 C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
     576 C:\Acer\ALaunch\ALaunchSvc.exe
     728 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     660 C:\Windows\System32\svchost.exe
    1380 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
     308 C:\Acer\Empowering Technology\eNet\eNet Service.exe
    2064 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2108 C:\Windows\System32\svchost.exe
    2132 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2180 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2232 C:\Acer\Mobility Center\MobilityService.exe
    2272 C:\Windows\System32\svchost.exe
    2328 C:\Windows\System32\svchost.exe
    2344 C:\Windows\System32\svchost.exe
    2360 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2392 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2436 C:\Windows\System32\svchost.exe
    2512 C:\Windows\System32\svchost.exe
    2540 C:\Windows\System32\SearchIndexer.exe
    2652 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    2716 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    2776 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    3064 WmiPrvSE.exe
    3244 WmiPrvSE.exe
    3256 unsecapp.exe
    3452 C:\Windows\System32\taskeng.exe
    3592 C:\Windows\System32\dwm.exe
    3600 C:\Windows\System32\taskeng.exe
    3868 C:\Windows\RtHDVCpl.exe
    3892 C:\Acer\Empowering Technology\eAudio\eAudio.exe
    3924 C:\Windows\System32\rundll32.exe
    3956 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3972 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    4056 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    4064 C:\Windows\System32\rundll32.exe
    4072 C:\Windows\ehome\ehtray.exe
    2324 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3400 C:\Windows\ehome\ehmsas.exe
    3276 C:\Acer\Empowering Technology\eNet\eNMTray.exe
    3316 C:\Users\Mandy\AppData\Local\temp\RtkBtMnt.exe
    4040 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    2496 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
     868 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    4732 C:\Program Files\Windows Media Player\wmpnscfg.exe
    5752 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5904 C:\Windows\System32\svchost.exe
    5448 C:\Windows\System32\wuauclt.exe
     552 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    3440 C:\Windows\explorer.exe
    3308 C:\Program Files\Internet Explorer\iexplore.exe
    4208 C:\Program Files\Internet Explorer\iexplore.exe
    6080 C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    2456 C:\Program Files\Internet Explorer\iexplore.exe
    2372 C:\Windows\System32\SearchProtocolHost.exe
    1632 C:\Windows\System32\SearchFilterHost.exe
     520 taskeng.exe
    3224 dllhost.exe
    4384 dllhost.exe
    4792 C:\Users\Mandy\Desktop\MBRCheck.exe
    4532 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`af600000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`a2300000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!
         

So, ich hoffe, das passt soweit. Für heute ist erst einmal Schluß. Vielen lieben Dank schon mal bis hier hin.

Eine Gute Nacht wünscht Mandy

Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hallo Arne,

so beide Scans geschafft und beide melden keine Funde. Hier die Logs:

Malwarebytes

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6470

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

29.04.2011 12:54:02
mbam-log-2011-04-29 (12-54-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 298862
Laufzeit: 51 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

SUPERAntiSpyware

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 04/29/2011 bei 03:08 PM

Version der Applikation : 4.51.1000

Version der Kern-Datenbank : 6952
Version der Spur-Datenbank : 4764

Scan Art       : kompletter Scann
Totale Scann-Zeit : 02:11:23

Gescannte Speicherelemente  : 744
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 11734
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 171532
Erfasste Datei-Elemente   : 0
         

Was meinst du, haben wir (oder besser: Du ) es geschafft?

Viele Grüße
Mandy

Ja, keine Funde
Noch Probleme?