
Pests of all kinds and how to fight them: TR/kazy.mekml.1 with all symptoms (data invisible, hard disk errors, etc.)

03.05.2011, 05:35   #16
froosl

How can I see what unhide found? Unfortunately I can't find a log file.

And sorry, but my bank urgently recommended that I run the DE-Cleaner immediately after the block.

03.05.2011, 10:41   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

If anything, banks give tips like formatting and reinstalling; only that is safe and, as a tip given by the bank, normally also defensible for the bank!
If you do online banking, you should think about formatting after an infection anyway, or can you live with a residual risk now?

04.05.2011, 19:20   #18
froosl

The question for me now is whether, apart from the tip to reformat, I still need to do anything else. The DE-Cleaner has now found one more file and removed it. But I also don't know how to do the reformatting.

05.05.2011, 08:29   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
The question for me now is whether, apart from the tip to reformat, I still need to do anything else
I already asked three days ago what the DE-Cleaner actually found!
__________________
Please always post log files in CODE tags

05.05.2011, 20:35   #20
froosl

...and I already posted 3 days ago what it found. ;-)

Have a look further up and get back to me.

Regards
Frank


06.05.2011, 08:38   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Avira DE-Cleaner
Since when is the DE-Cleaner from Avira? I only know the one from Symantec, maybe that's why I thought you hadn't posted the findings

The findings of the Avira DE-Cleaner are imho irrelevant. Please run tdsskiller and unhide, as I already posted, if you have problems accessing your own data.

06.05.2011, 12:20   #22
froosl

Well, the DE-Cleaner is definitely from Avira. I have it on my desktop (it is also recommended by www.botfrei.de). You surely know that...

I no longer have problems with viewing files etc. I have also already posted the log file from unhide.

06.05.2011, 13:53   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Log file from unhide? Sorry, but I think the thread is slowly drifting off. Please don't do any other things anymore, even if the bank says some tool has to be run. You can see what comes of it...

I neither wanted to see the log from unhide, nor did you post it here.
I wanted you to run TDSS-Killer, which you did not want to run because of doubts that I cannot follow.

07.05.2011, 05:11   #24
froosl

Now I have run TDSS-Killer as you described.

Result:
No infection found, but it also did not produce a log file.

I saved it on the desktop as described

07.05.2011, 05:31   #25
froosl

Now I have found the report:

2011/05/07 06:05:06.0020 3416 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/07 06:05:06.0236 3416 ================================================================================
2011/05/07 06:05:06.0236 3416 SystemInfo:
2011/05/07 06:05:06.0236 3416
2011/05/07 06:05:06.0237 3416 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/07 06:05:06.0237 3416 Product type: Workstation
2011/05/07 06:05:06.0237 3416 ComputerName: TANJA-PC
2011/05/07 06:05:06.0238 3416 UserName: tanja
2011/05/07 06:05:06.0238 3416 Windows directory: C:\Windows
2011/05/07 06:05:06.0238 3416 System windows directory: C:\Windows
2011/05/07 06:05:06.0238 3416 Processor architecture: Intel x86
2011/05/07 06:05:06.0239 3416 Number of processors: 2
2011/05/07 06:05:06.0239 3416 Page size: 0x1000
2011/05/07 06:05:06.0239 3416 Boot type: Normal boot
2011/05/07 06:05:06.0239 3416 ================================================================================
2011/05/07 06:05:06.0818 3416 Initialize success
2011/05/07 06:05:30.0549 3624 ================================================================================
2011/05/07 06:05:30.0549 3624 Scan started
2011/05/07 06:05:30.0549 3624 Mode: Manual;
2011/05/07 06:05:30.0549 3624 ================================================================================
2011/05/07 06:05:36.0975 3624 Scan interrupted by user!
2011/05/07 06:05:36.0975 3624 Scan interrupted by user!
2011/05/07 06:05:36.0975 3624 ================================================================================
2011/05/07 06:05:36.0975 3624 Scan finished
2011/05/07 06:05:36.0975 3624 ================================================================================
2011/05/07 06:07:24.0163 5884 ================================================================================
2011/05/07 06:07:24.0163 5884 Scan started
2011/05/07 06:07:24.0163 5884 Mode: Manual;
2011/05/07 06:07:24.0163 5884 ================================================================================
2011/05/07 06:07:36.0580 5884 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/07 06:07:36.0609 5884 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/07 06:07:36.0670 5884 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/07 06:07:36.0694 5884 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/07 06:07:36.0739 5884 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/07 06:07:36.0817 5884 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/07 06:07:36.0863 5884 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/07 06:07:36.0922 5884 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/07 06:07:36.0981 5884 s1018bus (12a851f30853a5a8e7b50341fa4b0ffb) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/05/07 06:07:37.0021 5884 s1018mdfl (a0141d5dc689a892b3f30446cbe52575) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/05/07 06:07:37.0057 5884 s1018mdm (07d430e4b2bfde6b07f31f1da6e7cab0) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/05/07 06:07:37.0110 5884 s1018mgmt (d73c20d3f0f825c8fd23f841cdcb14c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/05/07 06:07:37.0146 5884 s1018nd5 (895a1a2812dbd5afdd5ca4686a89a33c) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/05/07 06:07:37.0196 5884 s1018obex (a986e9683c74fa06456fd2ad34ba1490) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/05/07 06:07:37.0242 5884 s1018unic (da83525924c23f30f37ac1d1f11d6f15) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/05/07 06:07:37.0310 5884 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/07 06:07:37.0377 5884 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/07 06:07:37.0424 5884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/07 06:07:37.0503 5884 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/05/07 06:07:37.0559 5884 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/07 06:07:37.0599 5884 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/07 06:07:37.0641 5884 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/07 06:07:37.0744 5884 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/07 06:07:37.0778 5884 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/07 06:07:37.0818 5884 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/07 06:07:37.0852 5884 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/07 06:07:37.0904 5884 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/07 06:07:37.0940 5884 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/07 06:07:37.0980 5884 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/07 06:07:38.0041 5884 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/07 06:07:38.0089 5884 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/07 06:07:38.0153 5884 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/07 06:07:38.0227 5884 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/07 06:07:38.0260 5884 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/07 06:07:38.0337 5884 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/07 06:07:38.0441 5884 STHDA (5e71b3635d5f96d23eee1da92b85c850) C:\Windows\system32\DRIVERS\stwrt.sys
2011/05/07 06:07:38.0520 5884 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/07 06:07:38.0576 5884 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/07 06:07:38.0622 5884 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/07 06:07:38.0681 5884 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/07 06:07:38.0752 5884 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/07 06:07:38.0913 5884 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/07 06:07:39.0058 5884 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/07 06:07:39.0119 5884 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/07 06:07:39.0180 5884 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/07 06:07:39.0229 5884 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/07 06:07:39.0286 5884 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/07 06:07:39.0358 5884 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/07 06:07:39.0486 5884 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/07 06:07:39.0546 5884 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/07 06:07:39.0587 5884 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/07 06:07:39.0636 5884 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/07 06:07:39.0713 5884 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/07 06:07:39.0849 5884 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/07 06:07:39.0892 5884 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/07 06:07:39.0938 5884 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/07 06:07:39.0969 5884 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/07 06:07:40.0012 5884 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/07 06:07:40.0100 5884 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/07 06:07:40.0132 5884 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/07 06:07:40.0195 5884 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/07 06:07:40.0238 5884 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/07 06:07:40.0272 5884 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/07 06:07:40.0324 5884 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/07 06:07:40.0360 5884 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/07 06:07:40.0391 5884 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/07 06:07:40.0452 5884 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/07 06:07:40.0526 5884 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/07 06:07:40.0575 5884 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/07 06:07:40.0610 5884 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/07 06:07:40.0674 5884 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/07 06:07:40.0711 5884 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/07 06:07:40.0753 5884 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/07 06:07:40.0823 5884 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/07 06:07:40.0890 5884 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/07 06:07:40.0939 5884 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/07 06:07:40.0998 5884 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/07 06:07:41.0035 5884 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 06:07:41.0062 5884 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 06:07:41.0120 5884 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/07 06:07:41.0174 5884 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/07 06:07:41.0266 5884 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/07 06:07:41.0365 5884 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/05/07 06:07:41.0404 5884 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/07 06:07:41.0510 5884 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/07 06:07:41.0558 5884 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/07 06:07:41.0695 5884 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/07 06:07:41.0805 5884 ================================================================================
2011/05/07 06:07:41.0805 5884 Scan finished
2011/05/07 06:07:41.0805 5884 ================================================================================

Alt 07.05.2011, 14:32   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

Alt 07.05.2011, 19:52   #27
froosl
 
So, here is the log file from cofi:

Combofix Logfile:
Code:
ComboFix 11-05-06.05 - tanja 07.05.2011  20:27:17.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2045.1127 [GMT 2:00]
ausgeführt von:: c:\users\tanja\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-07 bis 2011-05-07  ))))))))))))))))))))))))))))))
.
.
2011-05-07 18:42 . 2011-05-07 18:42	--------	d-----w-	c:\users\Standard\AppData\Local\temp
2011-05-07 18:42 . 2011-05-07 18:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-06 20:03 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB4CCF56-1F6F-427D-B4D7-1BAD2FEDC579}\mpengine.dll
2011-05-01 05:32 . 2011-05-01 05:32	--------	d-----w-	c:\program files\CCleaner
2011-04-30 05:35 . 2011-04-30 05:35	--------	d-----w-	C:\AMD
2011-04-30 05:30 . 2011-04-30 05:30	--------	d-----w-	c:\programdata\Easy Driver Pro
2011-04-30 05:29 . 2011-04-30 05:29	--------	d-----w-	c:\program files\Easy Driver Pro
2011-04-30 04:59 . 2011-04-30 04:59	--------	d-----w-	c:\programdata\UAB
2011-04-30 04:59 . 2011-04-30 05:30	--------	d-----w-	c:\users\tanja\AppData\Local\PC_Drivers_Headquarters
2011-04-30 04:59 . 2011-04-30 04:59	--------	d-----w-	c:\programdata\DriverBoost
2011-04-30 04:58 . 2011-04-30 04:58	--------	d-----w-	c:\program files\DriverBoost
2011-04-30 04:52 . 2011-04-30 04:52	--------	d-----w-	c:\program files\MSI
2011-04-30 04:20 . 2011-04-30 04:36	--------	d-----w-	C:\cofi
2011-04-29 19:17 . 2011-04-29 19:17	--------	d-----w-	c:\program files\AMD APP
2011-04-29 19:17 . 2011-04-29 19:17	--------	d-----w-	c:\programdata\AMD
2011-04-29 19:17 . 2010-02-18 07:18	37944	----a-w-	c:\windows\system32\drivers\amdiox86.sys
2011-04-29 19:15 . 2011-04-29 19:15	--------	d-----w-	C:\ATI
2011-04-29 18:47 . 2011-04-29 18:47	--------	d-----w-	c:\program files\ATI
2011-04-29 15:50 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 15:50 . 2011-04-29 15:50	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-29 15:50 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-28 19:49 . 2011-04-28 19:49	--------	d-----w-	c:\program files\Conduit
2011-04-28 19:49 . 2011-04-28 19:49	--------	d-----w-	c:\users\tanja\AppData\Roaming\Ashampoo
2011-04-28 19:49 . 2011-05-01 17:07	--------	d-----w-	c:\program files\MyAshampoo
2011-04-28 19:49 . 2011-04-28 19:49	--------	d-----w-	c:\users\tanja\AppData\Local\ashampoo
2011-04-28 19:49 . 2011-04-28 19:49	--------	d-----w-	c:\programdata\ashampoo
2011-04-28 19:49 . 2011-04-28 19:49	--------	d-----w-	c:\program files\Ashampoo
2011-04-28 14:42 . 2011-04-28 14:42	--------	d-----w-	c:\users\tanja\AppData\Roaming\Avira
2011-04-28 13:21 . 2011-04-28 13:21	--------	d-----w-	C:\Log
2011-04-28 13:20 . 2006-04-17 09:56	1207808	----a-w-	c:\windows\system32\PhoenixDll.dll
2011-04-28 13:20 . 2004-10-16 19:46	178176	----a-w-	c:\windows\system32\StellarProfile.dll
2011-04-28 13:20 . 2011-04-28 13:20	--------	d-----w-	c:\program files\Stellar Phoenix Windows Data Recovery
2011-04-28 12:20 . 2011-04-01 15:07	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-04-28 12:20 . 2011-04-01 15:07	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-04-28 12:20 . 2011-04-28 12:20	--------	d-----w-	c:\programdata\Avira
2011-04-28 12:20 . 2011-04-28 12:20	--------	d-----w-	c:\program files\Avira
2011-04-28 12:02 . 2011-04-28 12:02	--------	d-----w-	c:\users\tanja\AppData\Roaming\TrojanHunter
2011-04-28 12:00 . 2011-04-28 12:36	--------	d-----w-	c:\program files\TrojanHunter 5.3
2011-04-28 11:51 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 11:51 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 11:51 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-28 11:50 . 2011-04-28 11:50	--------	d-----w-	c:\users\tanja\AppData\Local\PackageAware
2011-04-26 21:47 . 2011-04-26 21:47	--------	d-----w-	c:\users\tanja\AppData\Roaming\Malwarebytes
2011-04-26 21:47 . 2011-04-26 21:47	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-26 21:28 . 2011-04-26 21:28	--------	d-----w-	C:\_OTL
2011-04-26 20:37 . 2011-04-26 20:37	--------	d-----w-	c:\programdata\WindowsSearch
2011-04-26 20:20 . 2011-04-26 20:20	--------	d-----w-	c:\program files\Common Files\InfoWatch
2011-04-26 20:20 . 2011-04-26 20:20	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-04-26 20:20 . 2011-04-26 20:20	--------	d-----w-	c:\program files\Kaspersky Lab
2011-04-26 20:15 . 2011-04-26 20:15	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2011-04-14 05:25 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-14 05:25 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 04:10 . 2011-04-06 04:10	7774208	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-04-06 02:07 . 2011-04-06 02:07	17469952	----a-w-	c:\windows\system32\atioglxx.dll
2011-04-06 02:03 . 2011-04-06 02:03	147456	----a-w-	c:\windows\system32\atiapfxx.exe
2011-04-06 02:03 . 2011-04-06 02:03	671744	----a-w-	c:\windows\system32\aticfx32.dll
2011-04-06 01:59 . 2011-04-06 01:59	462848	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-04-06 01:59 . 2011-04-06 01:59	393216	----a-w-	c:\windows\system32\atieclxx.exe
2011-04-06 01:58 . 2011-04-06 01:58	176128	----a-w-	c:\windows\system32\atiesrxx.exe
2011-04-06 01:57 . 2011-04-06 01:57	159744	----a-w-	c:\windows\system32\atitmmxx.dll
2011-04-06 01:57 . 2011-04-06 01:57	356352	----a-w-	c:\windows\system32\atipdlxx.dll
2011-04-06 01:57 . 2011-04-06 01:57	278528	----a-w-	c:\windows\system32\Oemdspif.dll
2011-04-06 01:56 . 2011-04-06 01:56	15872	----a-w-	c:\windows\system32\atimuixx.dll
2011-04-06 01:56 . 2011-04-06 01:56	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2011-04-06 01:53 . 2011-04-06 01:53	4307968	----a-w-	c:\windows\system32\atidxx32.dll
2011-04-06 01:42 . 2011-04-06 01:42	46080	----a-w-	c:\windows\system32\aticalrt.dll
2011-04-06 01:42 . 2011-04-06 01:42	44032	----a-w-	c:\windows\system32\aticalcl.dll
2011-04-06 01:38 . 2011-04-06 01:38	6098432	----a-w-	c:\windows\system32\aticaldd.dll
2011-04-06 01:35 . 2011-04-06 01:35	4256768	----a-w-	c:\windows\system32\atiumdag.dll
2011-04-06 01:34 . 2011-04-06 01:34	1912832	----a-w-	c:\windows\system32\atiumdmv.dll
2011-04-06 01:28 . 2011-04-06 01:28	52736	----a-w-	c:\windows\system32\coinst.dll
2011-04-06 01:26 . 2011-04-06 01:26	3631616	----a-w-	c:\windows\system32\atiumdva.dll
2011-04-06 01:22 . 2011-04-06 01:22	258048	----a-w-	c:\windows\system32\atiadlxx.dll
2011-04-06 01:22 . 2011-04-06 01:22	12800	----a-w-	c:\windows\system32\atiglpxx.dll
2011-04-06 01:21 . 2011-04-06 01:21	32768	----a-w-	c:\windows\system32\atigktxx.dll
2011-04-06 01:21 . 2011-04-06 01:21	242176	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-04-06 01:20 . 2011-04-06 01:20	31232	----a-w-	c:\windows\system32\atiuxpag.dll
2011-04-06 01:20 . 2011-04-06 01:20	29184	----a-w-	c:\windows\system32\atiu9pag.dll
2011-04-06 01:20 . 2011-04-06 01:20	37376	----a-w-	c:\windows\system32\atitmpxx.dll
2011-04-06 01:20 . 2011-04-06 01:20	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-04-06 01:13 . 2011-04-06 01:13	52736	----a-w-	c:\windows\system32\atimpc32.dll
2011-04-06 01:13 . 2011-04-06 01:13	52736	----a-w-	c:\windows\system32\amdpcom32.dll
2011-04-05 20:09 . 2011-04-05 20:09	59904	----a-w-	c:\windows\system32\OVDecode.dll
2011-04-05 20:09 . 2011-04-05 20:09	51712	----a-w-	c:\windows\system32\OpenCL.dll
2011-04-05 20:09 . 2011-04-05 20:09	12385280	----a-w-	c:\windows\system32\amdocl.dll
2011-03-03 15:40 . 2011-04-28 11:51	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 11:51	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 11:51	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 11:51	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-22 19:33	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-22 19:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-22 19:33	797696	----a-w-	c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-07-20 323280]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 336384]
.
c:\users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Inhaltsverzeichnis.onetoc2 [2010-1-1 3656]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f2a59e6b3576;Google Update Service (gupdate1c9f2a59e6b3576);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 133104]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 133104]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-06 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-05 294400]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-06 7774208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-06 242176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-07 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-07 15:50]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 19:22]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 19:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-07 20:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\tanja\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-07  20:50:17
ComboFix-quarantined-files.txt  2011-05-07 18:50
ComboFix2.txt  2011-04-30 04:36
.
Vor Suchlauf: 20 Verzeichnis(se), 207.707.615.232 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 207.931.138.048 Bytes frei
.
- - End Of File - - 0B6AC305B52611035E9EAA66FF9724FE
         
--- --- ---

Alt 07.05.2011, 20:09   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool needs only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

Alt 07.05.2011, 20:24   #29
froosl
 



GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit quick scan 2011-05-07 21:23:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: uiy29e7m.exe; Driver: C:\Users\tanja\AppData\Local\Temp\ugloipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Alt 07.05.2011, 20:30   #30
froosl
 



So, here is OSAM as well:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 21:29:34 on 07.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Final Media Player Update Checker.job" - "Bitberry Software" - C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\tanja\AppData\Local\Temp\catchme.sys (File not found)
"Conexant Setup API" (UIUSys) - ? - C:\Windows\System32\DRIVERS\UIUSYS.SYS (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"mbr" (mbr) - ? - C:\cofi32564c\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugloipow" (ugloipow) - ? - C:\Users\tanja\AppData\Local\Temp\ugloipow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? - (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "NvCpl DesktopContext Class" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "Play on my TV helper" - ? - (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{888078C6-70B2-4F88-8EE7-1F50DDEA6120} "CeWe Color AG & Co. OHG Control" - "CeWe Color AG & Co. OHG" - C:\Windows\Downloaded Program Files\ImageUploader6.ocx / https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{6F15128C-E66A-490C-B848-5000B5ABEEAC} "HP Download Manager" - "Hewlett-Packard Co." - C:\Windows\Downloaded Program Files\HPDEXAXO.dll / https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\Windows\Downloaded Program Files\IPSUploader4.ocx / https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} "JordanUploader Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\JordanApplet.dll / hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
{8167C273-DF59-4416-B647-C8BB2C7EE83E} "WebSDev Control" - "MICRO-STAR INT'L CO., LTD." - C:\PROGRA~1\MSI\MSIWDev\WebSDev.ocx / hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OneNote Inhaltsverzeichnis.onetoc2" - ? - C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NapsterShell" - "Napster" - C:\Program Files\Napster\napster.exe /systray
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AMD FUEL Service" (AMD FUEL Service) - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"Google Update Service (gupdate1c9f2a59e6b3576)" (gupdate1c9f2a59e6b3576) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky PURE" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit Online Solutions :: Index
