Trojaner-Board (https://www.trojaner-board.de/)
Thread: After Security Tool, websites and Java open on their own (https://www.trojaner-board.de/91206-security-tool-eigenstaendiges-oeffnen-v-webseiten-java.html)

surftim 27.09.2010 15:10

After Security Tool, websites and Java open on their own

Hello dear forum!

Somehow I picked up Security Tool. I tried to uninstall it following the guide here on the forum. However, oddly enough, the files and registry entries listed there do not exist. Security Tool also seems to have suddenly disappeared.

Malwarebytes nevertheless found and removed something.

Now I occasionally get the case that a new tab simply opens in Firefox and calls up some website, which often contains only garbled characters. At the same time, Java is started. So I definitely still have something malicious on the system.
--> While I was writing this post, the following link opened:
h**p://de.ask.com/web?qsrc=999&siteid=3101&l=dis&mirago=trojaner-board&qenc=2&q=trend+antivirus
I never use ask.com and have never searched for "trend antivirus".

Ran Malwarebytes again; it found 2 things. So I'm not assuming that everything is gone. Log attached.

Also ran OTL. Everything is set to "Use Safe-List" by default; was that correct? The guide only says to choose Use Safelist for Extra-Registry. Logs attached.

--> When submitting the post with the logs in the text, Firefox hangs. Uploading the logs doesn't work either. With IE it works now!

I'd appreciate help from the experts! :)

Best regards, Tim.

Addendum:
The Firefox crashes are becoming more frequent; here is a detailed error message from the browser:
---
Problem signature:
Problem Event Name: BEX
Application Name: firefox.exe
Application Version: 1.9.2.3743
Application Timestamp: 4bb4be02
Fault Module Name: AcroFF.dll
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4c2092c6
Exception Offset: 00003817
Exception Code: c0000409
Exception Data: 00000000
OS Version: 6.1.7600.2.0.0.256.48
Locale ID: 1031
Additional Information 1: d7ce
Additional Information 2: d7ceb41e8574af94675e54560e3d11b4
Additional Information 3: 4703
Additional Information 4: 4703ffca7911cfa94049e75f717cc580

Read our privacy statement online:
hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
---

cosinus 28.09.2010 13:40

Hello,

Quote:

Database version: 4696
MBAM wasn't quite up to date, though...
Did you scan with MBAM before that? If so, please post all logs.

surftim 28.09.2010 16:03

Hello cosinus!

Yes, I did scan before that, but a quick scan as far as I remember.
I looked in the Malwarebytes logs:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4696

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.09.2010 05:28:36
mbam-log-2010-09-26 (05-28-36).txt

Scan type: Quick scan
Objects scanned: 142796
Time elapsed: 8 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\***\AppData\Local\rentkro.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\linkrdr.aiebho (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkrdr.aiebho.1 (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mrefax (Trojan.Hiloti) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gciwugiyarikomem (Trojan.Agent.U) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\***\AppData\Local\rentkro.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Users\***\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\ATlkRuMukm.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\ECF0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\0.1950727297468715.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\oqezopes.dll (Trojan.Agent.U) -> Delete on reboot.

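An added example (not code from the thread or from Malwarebytes): a small Python parser for the MBAM 1.x log format quoted above. It pulls the detection lines out of the detail sections, groups them by threat family and flags entries marked "Delete on reboot", which is why a helper asks for an updated full rescan after the restart. The sample log is constructed from lines in this thread, with the user name masked as in the original.

```python
"""Parse Malwarebytes' Anti-Malware 1.x log text and summarise detections.

Added example for the Trojaner-Board thread; SAMPLE_LOG is constructed
from detection lines quoted in the thread, not a complete real log.
"""
import re
from collections import defaultdict

# Detection line shape used by MBAM 1.x logs:
#   <location> (<threat name>) -> <action taken>.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# Section headers of the detailed part of the log ("Files Infected:" etc.).
# The summary lines above them end in a count and therefore do not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

# Constructed sample log (user name masked with ***, as in the thread).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46
Database version: 4696

Memory Processes Infected: 0
Memory Modules Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\\Users\\***\\AppData\\Local\\rentkro.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\mrefax (Trojan.Hiloti) -> Delete on reboot.

Files Infected:
C:\\Users\\***\\AppData\\Local\\Temp\\ECF0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (database_version, detections).

    Each detection is a dict with keys section, item, threat and action.
    """
    db_version = None
    section = None
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Database version:"):
            db_version = int(line.split(":", 1)[1])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Skip the summary block above the first section and the
        # "(No malicious items detected)" placeholder lines.
        if section is None or line.startswith("("):
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return db_version, detections


def summarise(detections):
    """Group items by threat family and list those still pending a reboot."""
    by_threat = defaultdict(list)
    pending_reboot = []
    for d in detections:
        by_threat[d["threat"]].append(d["item"])
        if d["action"].lower().startswith("delete on reboot"):
            pending_reboot.append(d["item"])
    return dict(by_threat), pending_reboot


def rescan_reasons(db_version, detections, latest_db_version):
    """Why a helper would ask for an update and a full rescan."""
    reasons = []
    if db_version is None or db_version < latest_db_version:
        reasons.append("signature database outdated")
    if any(d["action"].lower().startswith("delete on reboot") for d in detections):
        reasons.append("items scheduled for deletion on reboot; verify after restart")
    return reasons


if __name__ == "__main__":
    version, found = parse_mbam_log(SAMPLE_LOG)
    families, pending = summarise(found)
    print(f"database {version}: {len(found)} detections in {len(families)} families")
    for threat, items in sorted(families.items()):
        print(f"  {threat}: {len(items)} item(s)")
    for item in pending:
        print(f"  pending reboot: {item}")
    for reason in rescan_reasons(version, found, 4712):
        print(f"  rescan: {reason}")
```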

cosinus 28.09.2010 17:56

Quote:

Database version: 4696
Run an update again and then a full scan with Malwarebytes.

surftim 28.09.2010 20:19

Malwarebytes can't find anything.
Here is the scan after the update:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4712

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.09.2010 21:17:10
mbam-log-2010-09-28 (21-17-10).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 254138
Time elapsed: 1 hour(s), 25 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


cosinus 28.09.2010 21:00

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Note: If you have obscured your user name, you must change the dots back to your real user name, otherwise the script will not work!!

Code:

:OTL
[2010.09.26 04:35:05 | 000,000,000 | ---D | C] -- C:\xmldm
[2010.09.26 04:34:53 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\5005
[2010.09.26 04:34:00 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\xmldm
[2010.09.26 04:33:47 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\cock
[2010.09.26 02:28:56 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{F83758C0-2ED6-4D86-85C0-1EE543AEA9D2}
[2010.09.10 12:45:22 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\AAm2crackfix-srw
[2010.09.10 11:04:43 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\mafia_crckv3_new
[2010.09.26 05:06:07 | 000,000,120 | ---- | M] () -- C:\Users\...\AppData\Local\Omizegef.dat
[2010.09.26 02:28:59 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Local\Wqipusezejoheraf.bin
[2010.09.24 12:12:31 | 018,249,508 | ---- | M] () -- C:\Users\...\Desktop\mafia_patch_1-2_ger.exe
[2010.09.10 12:42:12 | 016,449,980 | ---- | M] () -- C:\Users\...\Desktop\AAm2crackfix-srw.rar
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

surftim 28.09.2010 21:54

(1 attachment)
Hello,
it just happened again: new Firefox page, Java opens and Panda reacts immediately. Screenshot of the Panda log attached.

Here is the OTL log file:
Code:

All processes killed
========== OTL ==========
Folder C:\xmldm\ not found.
C:\Users\Tim\AppData\Roaming\5005\components folder moved successfully.
C:\Users\Tim\AppData\Roaming\5005 folder moved successfully.
C:\Users\Tim\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Tim\AppData\Roaming\cock folder moved successfully.
C:\Users\Tim\AppData\Local\{F83758C0-2ED6-4D86-85C0-1EE543AEA9D2}\chrome\content folder moved successfully.
C:\Users\Tim\AppData\Local\{F83758C0-2ED6-4D86-85C0-1EE543AEA9D2}\chrome folder moved successfully.
C:\Users\Tim\AppData\Local\{F83758C0-2ED6-4D86-85C0-1EE543AEA9D2} folder moved successfully.
C:\Users\Tim\Desktop\AAm2crackfix-srw\Mafia.II.Crackfix-SKIDROW\dlcs\cnt_made_man\sds\wardrobe folder moved successfully.
C:\Users\Tim\Desktop\AAm2crackfix-srw\Mafia.II.Crackfix-SKIDROW\dlcs\cnt_made_man\sds\player folder moved successfully.
C:\Users\Tim\Desktop\AAm2crackfix-srw\Mafia.II.Crackfix-SKIDROW\dlcs\cnt_made_man\sds\cars folder moved successfully.
C:\Users\Tim\Desktop\AAm2crackfix-srw\Mafia.II.Crackfix-SKIDROW\dlcs\cnt_made_man\sds folder moved successfully.
C:\Users\Tim\Desktop\AAm2crackfix-srw\Mafia.II.Crackfix-SKIDROW\dlcs\cnt_made_man folder moved successfully.
C:\Users\Tim\Desktop\AAm2crackfix-srw\Mafia.II.Crackfix-SKIDROW\dlcs folder moved successfully.
C:\Users\Tim\Desktop\AAm2crackfix-srw\Mafia.II.Crackfix-SKIDROW folder moved successfully.
C:\Users\Tim\Desktop\AAm2crackfix-srw folder moved successfully.
C:\Users\Tim\Desktop\mafia_crckv3_new folder moved successfully.
C:\Users\Tim\AppData\Local\Omizegef.dat moved successfully.
C:\Users\Tim\AppData\Local\Wqipusezejoheraf.bin moved successfully.
C:\Users\Tim\Desktop\mafia_patch_1-2_ger.exe moved successfully.
C:\Users\Tim\Desktop\AAm2crackfix-srw.rar moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tim
->Temp folder emptied: 88375 bytes
->Temporary Internet Files folder emptied: 33482 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14266487 bytes
->Flash cache emptied: 456 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3690 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 14,00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 09282010_224727

Files\Folders moved on Reboot...
File\Folder C:\Users\Tim\AppData\Local\Temp\izishMyKPx.exe.nanflmrkxtns not found!
File\Folder C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJFG4D2K\setup[1].exe.nanflmrkxtns not found!

Registry entries deleted on Reboot...


cosinus 28.09.2010 22:00

Quote:

C:\Users\Tim\Desktop\AAm2crackfix-srw\Mafia.II.Crackfix-SKIDROW
Sorry, but I almost suspected there was something illegal involved :stirn:

Using cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board.

For you it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this dubious software quite often contains keyloggers and backdoor functions.

After that, never touch anything like that again!

surftim 28.09.2010 22:05

Hello cosinus,

this crackfix for Mafia II only fixes various bugs (crash at startup, missing sound, etc.) that the PC version of the game has with particular hardware configurations.

I own the original version of the game and only installed this crackfix because the official patch hasn't fixed the problems so far and I really wanted to play, since I paid almost 50 euros for it :(

I think your help is really great, but I find it a bit of a pity that one is immediately labelled a criminal :(

cosinus 28.09.2010 22:42

Excuse me? You have to resort to something possibly illegal so that the game works normally, because the manufacturer can't sort it out themselves? :wtf:

surftim 28.09.2010 22:53

Well, I assume there will be a new patch soon, but I didn't want to wait for it or send the game back.

That's what I get for it... :schrei: :killpc:

Am I really not getting any more help from you? :(

cosinus 29.09.2010 09:07

OK, but I'll have to turn a blind eye, twice ;) ;)

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (board helper) has explicitly recommended it!
It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

surftim 29.09.2010 14:49

Great, thanks! :)

So here is the log file.
I recognise most of the things.

What doesn't look familiar to me at all is
Quote:

c:\users\Tim\AppData\Roaming\SurfSecret Privacy Suite
Code:

ComboFix 10-09-28.03 - Tim 29.09.2010  14:44:44.1.2 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1033.18.3070.2358 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Tim\AppData\Local\Riot
c:\users\Tim\AppData\Local\Riot\Riot-external-tools.ini
c:\users\Tim\AppData\Local\Riot\Riot.ini
c:\users\Tim\TeamViewer_Setup.exe
c:\windows\system32\ui

Infizierte Kopie von c:\windows\system32\drivers\rdpencdd.sys wurde gefunden und desinfiziert
Kopie von - Kitty ate it :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-28 bis 2010-09-29  ))))))))))))))))))))))))))))))
.

2010-09-29 13:20 . 2010-09-29 13:20        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-09-29 12:39 . 2010-09-29 12:39        --------        d-----w-        C:\Device
2010-09-29 11:55 . 2010-09-29 11:57        --------        d-----w-        C:\32788R22FWJFW
2010-09-28 22:41 . 2010-09-28 22:41        --------        d-----w-        c:\program files\RecoveryFix for Excel Demo
2010-09-28 21:59 . 2010-09-28 22:02        --------        d-----w-        c:\program files\PowerDataRecovery
2010-09-28 21:31 . 2010-09-28 21:31        --------        d-----w-        c:\program files\Convar
2010-09-28 20:37 . 2010-09-28 20:37        --------        d-----w-        C:\_OTL
2010-09-28 20:23 . 2010-09-28 20:23        --------        d-----w-        c:\program files\MunSoft
2010-09-28 19:43 . 2010-09-28 19:43        --------        d-----w-        c:\program files\Avira
2010-09-28 17:40 . 2010-09-28 17:40        --------        d-----w-        c:\program files\Recuva
2010-09-27 17:22 . 2010-09-27 17:22        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-09-26 23:43 . 2010-09-26 23:43        --------        d-----w-        c:\programdata\Norton
2010-09-26 23:43 . 2010-09-26 23:55        --------        d-----w-        c:\users\Tim\AppData\Local\NPE
2010-09-26 20:04 . 2010-09-26 20:04        12300688        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB89EDE-64A0-4EAB-9DAA-4F8576D9F5B5}\mpasbase.vdm
2010-09-26 20:04 . 2010-09-25 16:02        292752        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB89EDE-64A0-4EAB-9DAA-4F8576D9F5B5}\mpasdlta.vdm
2010-09-26 07:43 . 2010-09-26 07:43        323840        ----a-w-        c:\programdata\Panda Security\Panda Cloud Antivirus\Download\0x04015000\nanoconfig_0200000000_20100923_104900.dat
2010-09-26 07:43 . 2010-09-26 07:43        323840        ----a-w-        c:\programdata\Panda Security\Panda Cloud Antivirus\Download\0x04015000\GlobalExe.exe
2010-09-26 03:59 . 2010-09-26 03:59        --------        d-----w-        c:\users\Tim\AppData\Roaming\SurfSecret Privacy Suite
2010-09-26 03:57 . 2010-09-26 03:57        264        ----a-w-        c:\windows\system32\PSUNCpl.dat
2010-09-26 03:47 . 2010-01-14 14:08        59664        ----a-w-        c:\windows\system32\drivers\TfSysMon.sys
2010-09-26 03:47 . 2010-01-14 14:08        51984        ----a-w-        c:\windows\system32\drivers\TfFsMon.sys
2010-09-26 03:47 . 2010-01-14 14:08        33552        ----a-w-        c:\windows\system32\drivers\TfNetMon.sys
2010-09-26 03:47 . 2010-09-26 03:47        --------        d-----w-        c:\program files\ThreatFire
2010-09-26 03:47 . 2010-09-26 03:47        --------        d-----w-        c:\programdata\PC Tools
2010-09-26 03:13 . 2010-09-26 03:13        --------        d-----w-        c:\users\Tim\AppData\Roaming\Malwarebytes
2010-09-26 03:13 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-26 03:13 . 2010-09-26 03:13        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-26 03:13 . 2010-09-26 03:13        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-26 03:13 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-25 22:39 . 2010-09-25 22:39        --------        d-----w-        c:\program files\ESET
2010-09-24 09:24 . 2010-09-24 10:18        --------        d-----w-        c:\program files\Mafia
2010-09-15 20:54 . 2010-05-09 09:15        279552        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2010-09-15 20:54 . 2010-05-09 09:15        135168        ----a-w-        c:\windows\system32\XpsRasterService.dll
2010-09-15 20:54 . 2010-06-26 05:14        1495040        ----a-w-        c:\windows\system32\ExplorerFrame.dll
2010-09-15 20:44 . 2010-05-23 10:15        1619456        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2010-09-15 20:44 . 2010-05-23 10:11        196608        ----a-w-        c:\windows\system32\mfreadwrite.dll
2010-09-15 20:44 . 2010-05-23 10:11        3181568        ----a-w-        c:\windows\system32\mf.dll
2010-09-15 20:42 . 2010-08-16 06:15        804864        ----a-w-        c:\windows\system32\FntCache.dll
2010-09-15 20:42 . 2010-08-16 06:14        1076224        ----a-w-        c:\windows\system32\DWrite.dll
2010-09-15 20:42 . 2010-08-16 06:14        218624        ----a-w-        c:\windows\system32\d3d10_1core.dll
2010-09-15 20:42 . 2010-08-16 06:14        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2010-09-15 20:42 . 2010-08-16 06:14        737280        ----a-w-        c:\windows\system32\d2d1.dll
2010-09-15 20:30 . 2010-09-15 20:58        --------        d-----w-        c:\windows\system32\MpEngineStore
2010-09-15 20:23 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-09-15 20:23 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-09-15 20:23 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-09-15 20:23 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-09-15 20:23 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-09-15 20:06 . 2010-09-15 20:06        --------        d-----w-        c:\program files\Feedback Tool
2010-09-14 19:58 . 2010-09-20 15:42        46592        ---ha-w-        c:\windows\fltMburn.dll
2010-09-10 10:47 . 2010-09-10 10:47        --------        d-----w-        c:\users\Tim\AppData\Local\2K Games
2010-09-10 10:40 . 2010-09-10 10:40        --------        d-----w-        c:\program files\NVIDIA Corporation
2010-09-10 10:39 . 2010-09-10 10:39        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-09-10 10:28 . 2010-09-10 10:28        --------        d-----w-        c:\program files\2K Games
2010-09-10 10:27 . 2010-09-10 10:28        --------        d-----w-        c:\program files\DAEMON Tools Lite
2010-09-10 10:24 . 2010-09-10 10:24        --------        d-----w-        c:\users\Tim\AppData\Roaming\DAEMON Tools Net
2010-09-09 20:22 . 2010-09-09 20:20        185640        ----a-w-        c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-09 20:22 . 2010-09-09 20:22        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-09 20:22 . 2010-09-09 20:22        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-09-09 20:20 . 2010-09-09 20:20        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-09 02:57 . 2010-09-28 22:25        --------        d-----w-        c:\users\Tim\AppData\Roaming\Vyxiza

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 13:23 . 2010-02-28 15:52        --------        d-----w-        c:\users\Tim\AppData\Roaming\Dropbox
2010-09-29 11:42 . 2009-11-26 14:46        --------        d-----w-        c:\users\Tim\AppData\Roaming\Skype
2010-09-29 08:04 . 2009-11-26 15:01        --------        d-----w-        c:\users\Tim\AppData\Roaming\skypePM
2010-09-28 22:25 . 2010-01-24 21:51        --------        d-----w-        c:\users\Tim\AppData\Roaming\Kydi
2010-09-27 16:30 . 2010-01-07 19:54        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-09-27 16:27 . 2010-07-09 21:55        --------        d-----w-        c:\program files\CCleaner
2010-09-26 03:58 . 2010-06-08 20:49        --------        d-----w-        c:\program files\Panda Security
2010-09-26 02:34 . 2010-09-26 02:34        112        ----a-w-        c:\users\Tim\AppData\Roaming\srvblck2.tmp
2010-09-24 22:36 . 2009-12-18 00:41        --------        d-----w-        c:\users\Tim\AppData\Roaming\ICQ
2010-09-21 23:55 . 2009-11-01 19:55        --------        d-----w-        c:\users\Tim\AppData\Roaming\vlc
2010-09-21 21:31 . 2009-11-10 20:28        --------        d-----w-        c:\users\Tim\AppData\Roaming\uTorrent
2010-09-15 20:22 . 2009-11-01 14:41        --------        d-----w-        c:\programdata\Microsoft Help
2010-09-11 03:45 . 2010-02-28 19:46        --------        d-----w-        c:\programdata\CyberLink
2010-09-09 20:22 . 2010-06-08 12:57        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-09 20:22 . 2010-06-08 12:29        --------        d-----w-        c:\programdata\DivX
2010-09-09 20:22 . 2009-12-25 12:55        --------        d-----w-        c:\program files\DivX
2010-09-09 20:20 . 2010-06-08 12:57        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-09-09 20:20 . 2010-06-08 12:57        850200        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-09 20:10 . 2009-11-10 20:29        --------        d-----w-        c:\program files\uTorrent
2010-09-09 15:46 . 2009-12-04 13:26        528272        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm
2010-08-19 08:25 . 2009-12-04 13:26        12120464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasbase.vdm
2010-08-16 09:24 . 2010-08-16 09:24        --------        d-----w-        c:\program files\Auto Clicker
2010-08-16 09:23 . 2010-08-13 12:17        --------        d-----w-        c:\program files\Mouse Tractor
2010-08-09 15:56 . 2010-08-09 15:56        --------        d-----w-        c:\users\Tim\AppData\Roaming\pokerth
2010-08-09 15:53 . 2010-08-09 15:44        --------        d-----w-        c:\program files\LANPoker
2010-08-09 15:51 . 2010-08-09 15:51        --------        d-----w-        c:\program files\Infogrames
2010-08-09 08:49 . 2010-07-20 15:11        --------        d-----w-        c:\programdata\tmp
2010-08-09 08:15 . 2010-07-20 15:11        --------        d-----w-        c:\programdata\hps
2010-08-06 18:42 . 2010-07-20 15:06        --------        d-----w-        c:\program files\dm
2010-08-06 15:01 . 2010-08-06 15:01        --------        d-----w-        c:\program files\Google
2010-07-29 06:30 . 2010-08-12 13:51        197632        ----a-w-        c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 13:51        82944        ----a-w-        c:\windows\system32\iccvid.dll
2010-07-09 22:39 . 2010-02-28 20:09        36864        ----a-w-        c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-08-16 21:27 . 2009-08-16 21:27        37632        ----a-r-        c:\program files\mozilla firefox\plugins\HTSPSEH.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2009-12-05 20:21        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-12-05 20:21        31232        --sh--r-        c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-12-05 20:21        216064        --sh--r-        c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46        86696        ----a-w-        c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04        320832        ----a-w-        c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04        320832        ----a-w-        c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-22 98304]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-01-25 136488]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-29 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28        72208        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55        55824        ----a-w-        c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 07:27        570664        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2009-10-07 10:02        37376        ----a-w-        c:\program files\phonostar-Player\phonostarTimer.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-15 691696]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-08 15416]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-01 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-22 176128]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-01-25 27504]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 15:01]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 15:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: hts-admin.net\www
Trusted Zone: hts-online.net\www
Handler: htap - {83EC570E-9FFA-11D2-9559-006008594011} - c:\program files\Hogrefe\Common\HTSProtHandler.dll
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\
FF - prefs.js: browser.startup.homepage - handelsblatt.de
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\program files\Panda Security\Panda ID Protect\Firefox\components\FFKeypad.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphtspse.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphtspst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(628)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'Explorer.exe'(5244)
c:\program files\ThreatFire\TfWah.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\dbghelp.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
c:\windows\system32\WINSPOOL.DRV
c:\windows\System32\netprofm.dll
c:\windows\System32\msxml3.dll
c:\windows\system32\MPR.dll
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-29  15:40:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-29 13:40

Vor Suchlauf: 182.169.677.824 bytes free
Nach Suchlauf: 181.854.130.176 bytes free

- - End Of File - - A32C44E7AC811068CDCA94B3DAE33FD7


cosinus 30.09.2010 11:39

Combofix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

Folder::
c:\users\Tim\AppData\Roaming\Vyxiza
C:\32788R22FWJFW

File::
c:\users\Tim\AppData\Roaming\srvblck2.tmp

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
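As an added illustration of the CFScript format used in the steps above (example code, not ComboFix's own and not part of the original post): a small Python pre-flight checker that parses the Folder:: and File:: sections and, before the script is dropped onto cofi.exe, reports paths that do not exist on the machine at hand or that point into a protected location. The embedded sample is the script from this post; the list of protected locations and the `exists` hook are assumptions of this example.

```python
"""Pre-flight check for a ComboFix CFScript.txt.

Added example; this is not ComboFix's own code.  A CFScript is plain text in
which a line ending in '::' (Folder:: or File:: above) opens a section and each
following non-empty line, up to the next such line, is one argument of it.
"""
import os
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Directives this checker understands; any other directive is reported.
KNOWN_DIRECTIVES = {"Folder", "File"}

# Locations a per-user cleanup script should never name directly.  This list
# is an assumption made for the check, not an official ComboFix rule.
PROTECTED_PREFIXES = ("c:\\windows", "c:\\program files", "c:\\program files (x86)")

# The script from the post above, embedded so the example runs stand-alone.
SAMPLE_SCRIPT = """\
Folder::
c:\\users\\Tim\\AppData\\Roaming\\Vyxiza
C:\\32788R22FWJFW

File::
c:\\users\\Tim\\AppData\\Roaming\\srvblck2.tmp
"""


@dataclass
class Finding:
    directive: str
    path: str
    issues: list = field(default_factory=list)


def parse_cfscript(text):
    """Return the script as an ordered list of (directive, [paths]) pairs."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = (line[:-2], [])
            sections.append(current)
        elif current is None:
            raise ValueError(f"path before any directive: {line!r}")
        else:
            current[1].append(line)
    return sections


def _in_protected_location(path):
    norm = path.lower().rstrip("\\")
    return any(norm == p or norm.startswith(p + "\\") for p in PROTECTED_PREFIXES)


def check_paths(sections, exists=os.path.exists):
    """Classify every listed path.

    `exists` is injectable so the check can be exercised without touching the
    file system; on the affected machine leave it at the default.
    """
    findings = []
    for directive, paths in sections:
        for path in paths:
            f = Finding(directive, path)
            if directive not in KNOWN_DIRECTIVES:
                f.issues.append("unknown directive")
            win = PureWindowsPath(path)
            if not win.is_absolute():
                f.issues.append("relative path")
            elif win.parent == win:  # a bare drive root such as C:\
                f.issues.append("drive root")
            elif _in_protected_location(path):
                f.issues.append("protected location")
            if not exists(path):
                f.issues.append("missing on this machine")
            findings.append(f)
    return findings


def safe_to_run(findings):
    """True only when every path is absolute, unprotected and present.

    A missing path is treated as blocking: the script was written from one
    machine's ComboFix log and is not meant to be run anywhere else.
    """
    return all(not f.issues for f in findings)


if __name__ == "__main__":
    for f in check_paths(parse_cfscript(SAMPLE_SCRIPT)):
        status = ", ".join(f.issues) or "ok"
        print(f"{f.directive:6} {f.path}: {status}")
```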

surftim 30.09.2010 16:22

The file shown automatically was "Log.txt", not "ComboFix.txt".
Is that the right one?

Panda reacted again today, see the screenshot in the attachment.

Log.txt:
Code:

ComboFix 10-09-29.04 - Tim 30.09.2010  16:15:37.2.2 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1033.18.3070.2113 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Tim\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::
"c:\users\Tim\AppData\Roaming\srvblck2.tmp"
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Tim\AppData\Roaming\srvblck2.tmp
c:\users\Tim\AppData\Roaming\Vyxiza

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-28 bis 2010-09-30  ))))))))))))))))))))))))))))))
.

2010-09-30 14:39 . 2010-09-30 14:39        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-09-30 14:39 . 2010-09-30 14:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-09-29 12:39 . 2010-09-29 12:39        --------        d-----w-        C:\Device
2010-09-29 11:57 . 2010-09-29 13:41        --------        d-----w-        C:\cofi
2010-09-28 22:41 . 2010-09-28 22:41        --------        d-----w-        c:\program files\RecoveryFix for Excel Demo
2010-09-28 21:59 . 2010-09-28 22:02        --------        d-----w-        c:\program files\PowerDataRecovery
2010-09-28 21:31 . 2010-09-28 21:31        --------        d-----w-        c:\program files\Convar
2010-09-28 20:37 . 2010-09-28 20:37        --------        d-----w-        C:\_OTL
2010-09-28 20:23 . 2010-09-28 20:23        --------        d-----w-        c:\program files\MunSoft
2010-09-28 19:43 . 2010-09-28 19:43        --------        d-----w-        c:\program files\Avira
2010-09-28 17:40 . 2010-09-28 17:40        --------        d-----w-        c:\program files\Recuva
2010-09-27 17:22 . 2010-09-27 17:22        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-09-26 23:43 . 2010-09-26 23:43        --------        d-----w-        c:\programdata\Norton
2010-09-26 23:43 . 2010-09-26 23:55        --------        d-----w-        c:\users\Tim\AppData\Local\NPE
2010-09-26 07:43 . 2010-09-26 07:43        323840        ----a-w-        c:\programdata\Panda Security\Panda Cloud Antivirus\Download\0x04015000\GlobalExe.exe
2010-09-26 03:59 . 2010-09-26 03:59        --------        d-----w-        c:\users\Tim\AppData\Roaming\SurfSecret Privacy Suite
2010-09-26 03:57 . 2010-09-26 03:57        264        ----a-w-        c:\windows\system32\PSUNCpl.dat
2010-09-26 03:13 . 2010-09-26 03:13        --------        d-----w-        c:\users\Tim\AppData\Roaming\Malwarebytes
2010-09-26 03:13 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-26 03:13 . 2010-09-26 03:13        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-26 03:13 . 2010-09-26 03:13        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-26 03:13 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-25 22:39 . 2010-09-25 22:39        --------        d-----w-        c:\program files\ESET
2010-09-24 09:24 . 2010-09-24 10:18        --------        d-----w-        c:\program files\Mafia
2010-09-15 20:54 . 2010-05-09 09:15        279552        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2010-09-15 20:54 . 2010-05-09 09:15        135168        ----a-w-        c:\windows\system32\XpsRasterService.dll
2010-09-15 20:54 . 2010-06-26 05:14        1495040        ----a-w-        c:\windows\system32\ExplorerFrame.dll
2010-09-15 20:44 . 2010-05-23 10:15        1619456        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2010-09-15 20:44 . 2010-05-23 10:11        196608        ----a-w-        c:\windows\system32\mfreadwrite.dll
2010-09-15 20:44 . 2010-05-23 10:11        3181568        ----a-w-        c:\windows\system32\mf.dll
2010-09-15 20:42 . 2010-08-16 06:15        804864        ----a-w-        c:\windows\system32\FntCache.dll
2010-09-15 20:42 . 2010-08-16 06:14        1076224        ----a-w-        c:\windows\system32\DWrite.dll
2010-09-15 20:42 . 2010-08-16 06:14        218624        ----a-w-        c:\windows\system32\d3d10_1core.dll
2010-09-15 20:42 . 2010-08-16 06:14        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2010-09-15 20:42 . 2010-08-16 06:14        737280        ----a-w-        c:\windows\system32\d2d1.dll
2010-09-15 20:30 . 2010-09-15 20:58        --------        d-----w-        c:\windows\system32\MpEngineStore
2010-09-15 20:23 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-09-15 20:23 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-09-15 20:23 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-09-15 20:23 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-09-15 20:23 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-09-15 20:06 . 2010-09-15 20:06        --------        d-----w-        c:\program files\Feedback Tool
2010-09-10 10:47 . 2010-09-10 10:47        --------        d-----w-        c:\users\Tim\AppData\Local\2K Games
2010-09-10 10:40 . 2010-09-10 10:40        --------        d-----w-        c:\program files\NVIDIA Corporation
2010-09-10 10:39 . 2010-09-10 10:39        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-09-10 10:28 . 2010-09-10 10:28        --------        d-----w-        c:\program files\2K Games
2010-09-10 10:27 . 2010-09-10 10:28        --------        d-----w-        c:\program files\DAEMON Tools Lite
2010-09-10 10:24 . 2010-09-10 10:24        --------        d-----w-        c:\users\Tim\AppData\Roaming\DAEMON Tools Net
2010-09-09 20:22 . 2010-09-09 20:20        185640        ----a-w-        c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-09 20:22 . 2010-09-09 20:22        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-09 20:22 . 2010-09-09 20:22        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-09-09 20:20 . 2010-09-09 20:20        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 11:19 . 2010-02-28 15:52        --------        d-----w-        c:\users\Tim\AppData\Roaming\Dropbox
2010-09-30 00:19 . 2009-11-26 14:46        --------        d-----w-        c:\users\Tim\AppData\Roaming\Skype
2010-09-29 22:00 . 2009-11-26 15:01        --------        d-----w-        c:\users\Tim\AppData\Roaming\skypePM
2010-09-28 22:25 . 2010-01-24 21:51        --------        d-----w-        c:\users\Tim\AppData\Roaming\Kydi
2010-09-27 16:30 . 2010-01-07 19:54        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-09-27 16:27 . 2010-07-09 21:55        --------        d-----w-        c:\program files\CCleaner
2010-09-26 03:58 . 2010-06-08 20:49        --------        d-----w-        c:\program files\Panda Security
2010-09-24 22:36 . 2009-12-18 00:41        --------        d-----w-        c:\users\Tim\AppData\Roaming\ICQ
2010-09-21 23:55 . 2009-11-01 19:55        --------        d-----w-        c:\users\Tim\AppData\Roaming\vlc
2010-09-21 21:31 . 2009-11-10 20:28        --------        d-----w-        c:\users\Tim\AppData\Roaming\uTorrent
2010-09-15 20:22 . 2009-11-01 14:41        --------        d-----w-        c:\programdata\Microsoft Help
2010-09-11 03:45 . 2010-02-28 19:46        --------        d-----w-        c:\programdata\CyberLink
2010-09-09 20:22 . 2010-06-08 12:57        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-09 20:22 . 2010-06-08 12:29        --------        d-----w-        c:\programdata\DivX
2010-09-09 20:22 . 2009-12-25 12:55        --------        d-----w-        c:\program files\DivX
2010-09-09 20:20 . 2010-06-08 12:57        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-09-09 20:20 . 2010-06-08 12:57        850200        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-09 20:10 . 2009-11-10 20:29        --------        d-----w-        c:\program files\uTorrent
2010-08-16 09:24 . 2010-08-16 09:24        --------        d-----w-        c:\program files\Auto Clicker
2010-08-16 09:23 . 2010-08-13 12:17        --------        d-----w-        c:\program files\Mouse Tractor
2010-08-09 15:56 . 2010-08-09 15:56        --------        d-----w-        c:\users\Tim\AppData\Roaming\pokerth
2010-08-09 15:53 . 2010-08-09 15:44        --------        d-----w-        c:\program files\LANPoker
2010-08-09 15:51 . 2010-08-09 15:51        --------        d-----w-        c:\program files\Infogrames
2010-08-09 08:49 . 2010-07-20 15:11        --------        d-----w-        c:\programdata\tmp
2010-08-09 08:15 . 2010-07-20 15:11        --------        d-----w-        c:\programdata\hps
2010-08-06 18:42 . 2010-07-20 15:06        --------        d-----w-        c:\program files\dm
2010-08-06 15:01 . 2010-08-06 15:01        --------        d-----w-        c:\program files\Google
2010-07-29 06:30 . 2010-08-12 13:51        197632        ----a-w-        c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 13:51        82944        ----a-w-        c:\windows\system32\iccvid.dll
2010-07-09 22:39 . 2010-02-28 20:09        36864        ----a-w-        c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-08-16 21:27 . 2009-08-16 21:27        37632        ----a-r-        c:\program files\mozilla firefox\plugins\HTSPSEH.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2009-12-05 20:21        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-12-05 20:21        31232        --sh--r-        c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-12-05 20:21        216064        --sh--r-        c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46        86696        ----a-w-        c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04        320832        ----a-w-        c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04        320832        ----a-w-        c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-22 98304]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-01-25 136488]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-29 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28        72208        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55        55824        ----a-w-        c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 07:27        570664        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2009-10-07 10:02        37376        ----a-w-        c:\program files\phonostar-Player\phonostarTimer.exe

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-15 691696]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-08 15416]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-01 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-22 176128]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-01-25 27504]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 15:01]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 15:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: hts-admin.net\www
Trusted Zone: hts-online.net\www
Handler: htap - {83EC570E-9FFA-11D2-9559-006008594011} - c:\program files\Hogrefe\Common\HTSProtHandler.dll
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\
FF - prefs.js: browser.startup.homepage - handelsblatt.de
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\program files\Panda Security\Panda ID Protect\Firefox\components\FFKeypad.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphtspse.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphtspst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\xnm3v344.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-09-30  16:56:41
ComboFix-quarantined-files.txt  2010-09-30 14:56
ComboFix2.txt  2010-09-29 13:40

Vor Suchlauf: 181.410.914.304 bytes free
Nach Suchlauf: 181.129.220.096 bytes free

- - End Of File - - 7AFD4D85D558D51A7008DB76E744ECFB


cosinus 30.09.2010 17:15

I'm not entirely convinced by the cleanup here. These "patches" often install really nasty stuff afterwards. You probably won't get around a format c:, and you must not run that dubious junk anymore if you want a clean machine.

But we can keep trying. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just skip it and run only OSAM.

Afterwards download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are changes and, if so, in which device. Best to post everything remover.exe outputs.
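
What a check of the MBR for malicious changes (the step remover.exe performs in the post above) looks like in principle, as an added example that is not the bootkit_remover's own code: it parses a constructed 512-byte MBR, validates the 0x55AA signature and the partition table, and compares the SHA-256 of the boot code against a known-good baseline. The sample MBR, its values and the baseline mechanism are assumptions made for the demonstration; reading sector 0 of a live disk would need raw device access (\\.\PhysicalDrive0 on Windows) and is deliberately left out, so the block runs offline.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot loader code
DISK_SIG_OFF = 440           # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511
PART_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Build a constructed MBR (not read from any real disk) with two NTFS partitions."""
    # cli / xor ax,ax / mov ss,ax / mov sp,0x7C00: the usual boot-code prologue, then nop padding
    boot_code = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])
    boot_code += b"\x90" * (BOOT_CODE_LEN - len(boot_code))
    disk_sig = b"\xde\xad\xbe\xef"  # constructed disk signature
    p1 = struct.pack(PART_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)    # active system partition
    p2 = struct.pack(PART_FMT, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 206848, 409600)  # data partition
    empty = b"\0" * 16
    return boot_code + disk_sig + b"\0\0" + p1 + p2 + empty + empty + MBR_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, sector[off:off + 16])
        parts.append({"index": i, "status": status, "type": ptype, "lba": lba, "count": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "partitions": parts,
    }


def check_mbr(sector: bytes, known_good_boot_hash: str = None) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature at offset 510")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    active = [p["index"] for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append(f"more than one active partition: {active}")
    # non-empty partitions must not overlap each other
    used = sorted((p["lba"], p["lba"] + p["count"], p["index"])
                  for p in info["partitions"] if p["type"] and p["count"])
    for (s1, e1, i1), (s2, _e2, i2) in zip(used, used[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    # the baseline would normally be recorded right after a clean install
    if known_good_boot_hash and info["boot_code_sha256"] != known_good_boot_hash:
        findings.append("boot code differs from the known-good baseline (possible bootkit or tampering)")
    return findings


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = parse_mbr(good)["boot_code_sha256"]
    print("clean MBR findings:", check_mbr(good, baseline))
    tampered = bytearray(good)
    tampered[0x40] ^= 0xFF  # constructed change inside the boot code area
    print("tampered MBR findings:", check_mbr(bytes(tampered), baseline))
```

The boot-code hash comparison is the part that actually catches a bootkit: the partition-table checks only catch structural damage, while a hooked loader keeps the table intact and changes the first 440 bytes.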

surftim 02.10.2010 22:40

Sorry, I had no opportunity to do the scans yesterday.
The bootkit remover throws an error message, so unfortunately I couldn't run it (see attached picture).

GMER log:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-02 23:17:14
Windows 6.1.7600
Running: 44pfno5x.exe; Driver: C:\Users\Tim\AppData\Local\Temp\pwloikow.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E2EAF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E2E104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E2E3F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E16634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E16898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E2E1DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E2E958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E2E6F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E2EF2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82E2F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                    82E8E599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82EB2F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x91A0C000, 0x2D50D6, 0xE8000020]
.text          peauth.sys                                                                                                          AB02EC9D 28 Bytes  [CF, 9B, DF, B7, 2E, 5E, 52, ...]
.text          peauth.sys                                                                                                          AB02ECC1 28 Bytes  [CF, 9B, DF, B7, 2E, 5E, 52, ...]
?              C:\Users\Tim\AppData\Local\Temp\catchme.sys                                                                        The system cannot find the file specified. !
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                          The system cannot find the file specified. !
?              C:\Users\Tim\AppData\Local\Temp\mbr.sys                                                                            The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                    [73EF2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                [73ED5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                              [73ED56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                      [73EF250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                            [73EE8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                              [73EE4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                            [73EE50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                            [73EE51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                  [73EE66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                            [73EE82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                        [73EE8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                      [73EE907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                            [73EEE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[3124] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                [73EE4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                            Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                            Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000053                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507b97                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507b97@0022a5cc6205                            0xA0 0x13 0x30 0xB2 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x5B 0x81 0x3A 0x4B ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xFC 0xE7 0x18 0x40 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x80 0x28 0x24 0x30 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507b97 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507b97@0022a5cc6205                                0xA0 0x13 0x30 0xB2 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x5B 0x81 0x3A 0x4B ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xFC 0xE7 0x18 0x40 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x80 0x28 0x24 0x30 ...

---- EOF - GMER 1.0.15 ----

OSAM Log:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:33:09 on 02.10.2010

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PSUNCpl.cpl" - "Panda Security, S.L." - C:\Windows\system32\PSUNCpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\hpaccelerometercp.CPL
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"PSUNCPL" - ? - C:\Windows\syst  (File not found)
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Amd Disk Lower Filter Driver" (Amddfltr) - "Advanced Micro Devices" - C:\Windows\System32\DRIVERS\Amddfltr.sys
"catchme" (catchme) - ? - C:\Users\Tim\AppData\Local\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"PSINAflt" (PSINAflt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINAflt.sys
"PSINFile" (PSINFile) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINFile.sys
"PSINKNC" (PSINKNC) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\psinknc.sys
"PSINProc" (PSINProc) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProc.sys
"PSINProt" (PSINProt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProt.sys
"TfFsMon" (TfFsMon) - ? - C:\Windows\System32\drivers\TfFsMon.sys  (File not found)
"TfNetMon" (TfNetMon) - ? - C:\Windows\system32\drivers\TfNetMon.sys  (File not found)
"TfSysMon" (TfSysMon) - ? - C:\Windows\System32\drivers\TfSysMon.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{83EC570E-9FFA-11D2-9559-006008594011} "HTSProtHandler.CHtapHandler" - "PtahSoft GmbH, ZTD Freiburg" - C:\Program Files\Hogrefe\Common\HTSProtHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{C080DC3F-9095-4E4B-95E6-D67D077130E8} "IconsHandlerNano Class" - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{80AEF606-7FFA-4EF6-86C4-0B86FEF4E0CD} "ShellExt Class" - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "Eset" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"ICQ7" - "ICQ, Inc." - C:\Program Files\ICQ7.0\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"PSUNMain" - "Panda Security, S.L." - "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"YouCam Mirage" - "CyberLink" - "C:\Program Files\CyberLink\YouCam\YCMMirage.exe"
"YouCam Tray" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\YouCam.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Panda Cloud Antivirus Service" (NanoServiceMain) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


cosinus 03.10.2010 13:27

Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on your desktop.
Please post the contents of that .txt file

surftim 03.10.2010 14:10

MBR Check:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        Quanta
BIOS Manufacturer:                Hewlett-Packard
System Manufacturer:                Hewlett-Packard
System Product Name:                HP Pavilion dv5 Notebook PC
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 210):
  0x82E17000 \SystemRoot\system32\ntkrnlpa.exe
  0x83227000 \SystemRoot\system32\halmacpi.dll
  0x80BAB000 \SystemRoot\system32\kdcom.dll
  0x8B00B000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x8B016000 \SystemRoot\system32\PSHED.dll
  0x8B027000 \SystemRoot\system32\BOOTVID.dll
  0x8B02F000 \SystemRoot\system32\CLFS.SYS
  0x8B071000 \SystemRoot\system32\CI.dll
  0x8B11C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8B18D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8B19B000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8B1E3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8B1EC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8B1F4000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8B23F000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8B269000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B27A000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8B282000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8B28D000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8B29D000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8B2E8000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8B2EF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8B2FD000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8B313000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8B31C000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8B33F000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8B349000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8B352000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B386000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B41C000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B54B000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B576000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B589000 \SystemRoot\System32\Drivers\cng.sys
  0x8B5E6000 \SystemRoot\System32\drivers\pcw.sys
  0x8B5F4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B62F000 \SystemRoot\system32\drivers\ndis.sys
  0x8B6E6000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B724000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B839000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B982000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B9B3000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B9BC000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B800000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B808000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B749000 \SystemRoot\System32\Drivers\mup.sys
  0x8B759000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8B761000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
  0x8B76A000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B79C000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B7AD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8B7D2000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B7DA000 \SystemRoot\system32\DRIVERS\Amddfltr.sys
  0x8B397000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
  0x8BA06000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8BAB5000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8BAD4000 \SystemRoot\System32\Drivers\Null.SYS
  0x8BADB000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8BAE2000 \SystemRoot\System32\drivers\vga.sys
  0x8BAEE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8BB0F000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BB1C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8BB24000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8BB2C000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8BB34000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8BB3F000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8BB4D000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8BB64000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8BB6F000 \SystemRoot\system32\drivers\afd.sys
  0x8BBC9000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8B7E2000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8B600000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8B7E9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8B61F000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8B400000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8B3D7000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x9080B000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x9084C000 \SystemRoot\system32\DRIVERS\psinknc.sys
  0x9086E000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90878000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90882000 \SystemRoot\System32\drivers\discache.sys
  0x9088E000 \SystemRoot\system32\drivers\csc.sys
  0x908F2000 \SystemRoot\System32\Drivers\dfsc.sys
  0x9090A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90918000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x90939000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x91A2C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x91F41000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9094A000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x91A00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9156B000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x91591000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x91597000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x915A1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x915EC000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x90983000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x91A1F000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
  0x9099B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x909A8000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x915FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x909D8000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x909E5000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x90800000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
  0x91400000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8B413000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8B3E7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x91FF8000 \SystemRoot\system32\DRIVERS\clwvd.sys
  0x8B200000 \SystemRoot\system32\DRIVERS\ks.sys
  0x92A21000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x92A33000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x92A4B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x92A56000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x92A78000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x92A90000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x92AA7000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x92ABE000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x92AC8000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x92ACA000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x92AD8000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92AE6000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x92B2A000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x92B3B000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0x92B57000 \SystemRoot\system32\drivers\portcls.sys
  0x92B86000 \SystemRoot\system32\drivers\drmk.sys
  0x97E24000 \SystemRoot\system32\DRIVERS\stwrt.sys
  0x97E8C000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x97E9B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x97EAE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x97EB5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x97EC1000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x985B0000 \SystemRoot\System32\win32k.sys
  0x97ECC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x97EEC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x97F03000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x98410000 \SystemRoot\System32\TSDDD.dll
  0x98440000 \SystemRoot\System32\cdd.dll
  0x97F32000 \SystemRoot\system32\drivers\luafv.sys
  0x97F4D000 \SystemRoot\system32\DRIVERS\PSINAflt.sys
  0x97F74000 \SystemRoot\system32\DRIVERS\PSINProt.sys
  0x97F92000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x97FA8000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x97FB5000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x97FBF000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
  0x97E00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x92B9F000 \SystemRoot\system32\DRIVERS\PSINFile.sys
  0x92BBB000 \SystemRoot\system32\DRIVERS\PSINProc.sys
  0x92BD9000 \SystemRoot\system32\drivers\WudfPf.sys
  0x97E11000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8BA4D000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x92A00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8BA93000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA9A3A000 \SystemRoot\system32\drivers\HTTP.sys
  0xA9AC8000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA9AE1000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA9AF3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA9B16000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA9B51000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAA408000 \SystemRoot\system32\drivers\peauth.sys
  0xAA49F000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAA4A9000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAA4CA000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAA4D7000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAA526000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAA598000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x91404000 \SystemRoot\system32\DRIVERS\athr.sys
  0xAA5A1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0xAA5AB000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0xAA5CA000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0xAA5B4000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xAA5BF000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0xAA5EF000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0xAA577000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x772D0000 \Windows\System32\ntdll.dll


cosinus 03.10.2010 15:03

The log is incomplete

surftim 03.10.2010 15:39

You're right, sorry!

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        Quanta
BIOS Manufacturer:                Hewlett-Packard
System Manufacturer:                Hewlett-Packard
System Product Name:                HP Pavilion dv5 Notebook PC
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 212):
  0x82E17000 \SystemRoot\system32\ntkrnlpa.exe
  0x83227000 \SystemRoot\system32\halmacpi.dll
  0x80BAB000 \SystemRoot\system32\kdcom.dll
  0x8B00B000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x8B016000 \SystemRoot\system32\PSHED.dll
  0x8B027000 \SystemRoot\system32\BOOTVID.dll
  0x8B02F000 \SystemRoot\system32\CLFS.SYS
  0x8B071000 \SystemRoot\system32\CI.dll
  0x8B11C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8B18D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8B19B000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8B1E3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8B1EC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8B1F4000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8B23F000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8B269000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B27A000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8B282000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8B28D000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8B29D000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8B2E8000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8B2EF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8B2FD000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8B313000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8B31C000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8B33F000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8B349000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8B352000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B386000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B41C000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B54B000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B576000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B589000 \SystemRoot\System32\Drivers\cng.sys
  0x8B5E6000 \SystemRoot\System32\drivers\pcw.sys
  0x8B5F4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B62F000 \SystemRoot\system32\drivers\ndis.sys
  0x8B6E6000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B724000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B839000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B982000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B9B3000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B9BC000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B800000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B808000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B749000 \SystemRoot\System32\Drivers\mup.sys
  0x8B759000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8B761000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
  0x8B76A000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B79C000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B7AD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8B7D2000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B7DA000 \SystemRoot\system32\DRIVERS\Amddfltr.sys
  0x8B397000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
  0x8BA06000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8BAB5000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8BAD4000 \SystemRoot\System32\Drivers\Null.SYS
  0x8BADB000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8BAE2000 \SystemRoot\System32\drivers\vga.sys
  0x8BAEE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8BB0F000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BB1C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8BB24000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8BB2C000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8BB34000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8BB3F000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8BB4D000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8BB64000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8BB6F000 \SystemRoot\system32\drivers\afd.sys
  0x8BBC9000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8B7E2000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8B600000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8B7E9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8B61F000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8B400000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8B3D7000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x9080B000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x9084C000 \SystemRoot\system32\DRIVERS\psinknc.sys
  0x9086E000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90878000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90882000 \SystemRoot\System32\drivers\discache.sys
  0x9088E000 \SystemRoot\system32\drivers\csc.sys
  0x908F2000 \SystemRoot\System32\Drivers\dfsc.sys
  0x9090A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90918000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x90939000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x91A2C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x91F41000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9094A000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x91A00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9156B000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x91591000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x91597000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x915A1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x915EC000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x90983000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x91A1F000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
  0x9099B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x909A8000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x915FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x909D8000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x909E5000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x90800000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
  0x91400000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8B413000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8B3E7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x91FF8000 \SystemRoot\system32\DRIVERS\clwvd.sys
  0x8B200000 \SystemRoot\system32\DRIVERS\ks.sys
  0x92A21000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x92A33000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x92A4B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x92A56000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x92A78000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x92A90000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x92AA7000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x92ABE000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x92AC8000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x92ACA000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x92AD8000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92AE6000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x92B2A000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x92B3B000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0x92B57000 \SystemRoot\system32\drivers\portcls.sys
  0x92B86000 \SystemRoot\system32\drivers\drmk.sys
  0x97E24000 \SystemRoot\system32\DRIVERS\stwrt.sys
  0x97E8C000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x97E9B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x97EAE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x97EB5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x97EC1000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x985B0000 \SystemRoot\System32\win32k.sys
  0x97ECC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x97EEC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x97F03000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x98410000 \SystemRoot\System32\TSDDD.dll
  0x98440000 \SystemRoot\System32\cdd.dll
  0x97F32000 \SystemRoot\system32\drivers\luafv.sys
  0x97F4D000 \SystemRoot\system32\DRIVERS\PSINAflt.sys
  0x97F74000 \SystemRoot\system32\DRIVERS\PSINProt.sys
  0x97F92000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x97FA8000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x97FB5000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x97FBF000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
  0x97E00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x92B9F000 \SystemRoot\system32\DRIVERS\PSINFile.sys
  0x92BBB000 \SystemRoot\system32\DRIVERS\PSINProc.sys
  0x92BD9000 \SystemRoot\system32\drivers\WudfPf.sys
  0x97E11000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8BA4D000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x92A00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8BA93000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA9A3A000 \SystemRoot\system32\drivers\HTTP.sys
  0xA9AC8000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA9AE1000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA9AF3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA9B16000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA9B51000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAA408000 \SystemRoot\system32\drivers\peauth.sys
  0xAA49F000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAA4A9000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAA4CA000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAA4D7000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAA526000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAA598000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x91404000 \SystemRoot\system32\DRIVERS\athr.sys
  0xAA5A1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0xAA5AB000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0xAA5CA000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0xAA5B4000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xAA5BF000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0xAA5EF000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0xA9B6C000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0xA9B98000 \SystemRoot\system32\DRIVERS\jmcr.sys
  0xAA58D000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x772D0000 \Windows\System32\ntdll.dll
  0x47AA0000 \Windows\System32\smss.exe
  0x77510000 \Windows\System32\apisetschema.dll
  0x00E90000 \Windows\System32\autochk.exe
  0x774B0000 \Windows\System32\Wldap32.dll
  0x77190000 \Windows\System32\urlmon.dll
  0x77490000 \Windows\System32\imm32.dll
  0x77100000 \Windows\System32\clbcatq.dll
  0x76FA0000 \Windows\System32\ole32.dll
  0x77450000 \Windows\System32\ws2_32.dll
  0x76EF0000 \Windows\System32\msvcrt.dll
  0x77440000 \Windows\System32\psapi.dll
  0x76E10000 \Windows\System32\kernel32.dll
  0x77430000 \Windows\System32\normaliz.dll
  0x76D80000 \Windows\System32\oleaut32.dll
  0x76BE0000 \Windows\System32\setupapi.dll
  0x76B90000 \Windows\System32\gdi32.dll
  0x76AC0000 \Windows\System32\msctf.dll
  0x77420000 \Windows\System32\nsi.dll
  0x77410000 \Windows\System32\lpk.dll
  0x75E70000 \Windows\System32\shell32.dll
  0x75DC0000 \Windows\System32\rpcrt4.dll
  0x75D20000 \Windows\System32\usp10.dll
  0x75CC0000 \Windows\System32\difxapi.dll
  0x75BC0000 \Windows\System32\wininet.dll
  0x75B90000 \Windows\System32\imagehlp.dll
  0x75B70000 \Windows\System32\sechost.dll
  0x75AF0000 \Windows\System32\comdlg32.dll
  0x75A20000 \Windows\System32\user32.dll
  0x759C0000 \Windows\System32\shlwapi.dll
  0x757C0000 \Windows\System32\iertutil.dll
  0x75720000 \Windows\System32\advapi32.dll
  0x75600000 \Windows\System32\crypt32.dll
  0x755E0000 \Windows\System32\devobj.dll
  0x755B0000 \Windows\System32\cfgmgr32.dll
  0x75560000 \Windows\System32\KernelBase.dll
  0x754D0000 \Windows\System32\comctl32.dll
  0x754A0000 \Windows\System32\wintrust.dll
  0x75490000 \Windows\System32\msasn1.dll

Processes (total 79):
      0 System Idle Process
      4 System
    396 C:\Windows\System32\smss.exe
    516 csrss.exe
    592 C:\Windows\System32\wininit.exe
    608 csrss.exe
    652 C:\Windows\System32\services.exe
    668 C:\Windows\System32\lsass.exe
    676 C:\Windows\System32\lsm.exe
    776 C:\Windows\System32\svchost.exe
    852 C:\Windows\System32\winlogon.exe
    896 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\atiesrxx.exe
    1020 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
    1360 C:\Windows\System32\svchost.exe
    1436 C:\Windows\System32\hpservice.exe
    1504 C:\Windows\System32\atieclxx.exe
    1548 C:\Windows\System32\svchost.exe
    1752 C:\Windows\System32\spoolsv.exe
    1808 C:\Windows\System32\svchost.exe
    1908 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
    1936 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1964 C:\Program Files\Bonjour\mDNSResponder.exe
    2008 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    2044 C:\Windows\System32\svchost.exe
    528 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    672 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    1260 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    456 C:\Windows\System32\IoctlSvc.exe
    2068 C:\Windows\System32\svchost.exe
    2156 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    2296 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3556 C:\Windows\System32\svchost.exe
    3448 C:\Windows\System32\dwm.exe
    3472 C:\Windows\System32\taskhost.exe
    3648 C:\Windows\explorer.exe
    2912 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2908 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    2928 C:\Program Files\IDT\WDM\sttray.exe
    2644 C:\Program Files\FreePDF_XP\fpassist.exe
    1396 C:\Windows\WindowsMobile\wmdc.exe
    1196 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    200 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1392 C:\Windows\System32\svchost.exe
    1252 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3716 C:\Program Files\iTunes\iTunesHelper.exe
    3720 C:\Program Files\CyberLink\YouCam\YCMMirage.exe
    3736 C:\Program Files\CyberLink\YouCam\YouCam.exe
    3908 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    4008 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    4020 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    196 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    408 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    1972 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    2396 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    1120 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    2952 WmiPrvSE.exe
    2356 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    2612 C:\Windows\System32\SearchIndexer.exe
    3268 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    4120 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4412 C:\Program Files\iPod\bin\iPodService.exe
    4832 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    5260 C:\Windows\System32\mobsync.exe
    5344 C:\Windows\System32\svchost.exe
    5472 C:\Windows\System32\svchost.exe
    4156 C:\Windows\System32\wuauclt.exe
    4984 C:\Program Files\Mozilla Firefox\firefox.exe
    3180 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    5624 C:\Program Files\MirandaX Ardena\MirandaX-Ardena.exe
    3552 C:\Windows\System32\audiodg.exe
    5336 C:\Windows\System32\SearchProtocolHost.exe
    5300 C:\Windows\System32\SearchFilterHost.exe
    3896 C:\Users\Tim\Desktop\MBRCheck.exe
    1420 C:\Windows\System32\conhost.exe
    2320 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`4a900000  (NTFS)

PhysicalDrive0 Model Number: WDC WD3200BEVS-60VAT0, Rev: 1.12

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  RE: Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
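
The "Processes" section of a report like the one above is usually read by eye; as an added example (not part of this thread and not MBRCheck's own logic), the following Python applies three simple path heuristics to it: a bare image name means the tool could not resolve the path and the entry should be checked by hand, a core Windows binary name running outside its expected directory is a masquerade candidate, and anything executing from a user-writable location deserves a look. The sample lines are copied from the report above except the PID 9999 entry, which is invented so the masquerade rule has something to fire on; the expected-directory table and the user-writable path fragments are the example's own assumptions.

```python
"""Triage the 'Processes' section of an MBRCheck report by image path."""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines taken from the report above plus one invented
# entry (PID 9999) so that the masquerade rule has something to fire on.
SAMPLE_REPORT = """
Processes (total 9):
      0 System Idle Process
      4 System
    396 C:\\Windows\\System32\\smss.exe
    516 csrss.exe
    776 C:\\Windows\\System32\\svchost.exe
   3648 C:\\Windows\\explorer.exe
   1196 C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe
   3896 C:\\Users\\Tim\\Desktop\\MBRCheck.exe
   9999 C:\\Users\\Tim\\AppData\\Local\\Temp\\svchost.exe
"""

# One report line: "<pid> <image path or bare name>".
PROC_LINE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")

# Assumption: core Windows binaries and the only directory they should run from.
EXPECTED_DIR = {name: "c:\\windows\\system32" for name in (
    "smss.exe", "csrss.exe", "wininit.exe", "services.exe", "lsass.exe",
    "lsm.exe", "svchost.exe", "winlogon.exe", "taskhost.exe", "dwm.exe")}
EXPECTED_DIR["explorer.exe"] = "c:\\windows"

# Assumption: path fragments a service or autostart binary should not live under.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")


def classify(pid: int, image: str) -> str:
    """Return a triage verdict for one process entry."""
    if pid in (0, 4):
        return "kernel"            # pseudo-processes, no image file on disk
    if "\\" not in image:
        return "unresolved"        # bare name: path could not be read, verify manually
    p = PureWindowsPath(image)
    name, parent = p.name.lower(), str(p.parent).lower()
    expected = EXPECTED_DIR.get(name)
    if expected is not None and parent != expected:
        return "masquerade"        # system binary name running from the wrong directory
    if any(frag in image.lower() for frag in USER_WRITABLE):
        return "user-writable"     # executing from a location the user can write to
    return "ok"


def triage(report: str) -> dict:
    """Parse the process section and map pid -> (image, verdict)."""
    result = {}
    for line in report.splitlines():
        m = PROC_LINE.match(line)
        if not m:
            continue                # section header, blank lines, anything else
        pid, image = int(m.group(1)), m.group(2)
        result[pid] = (image, classify(pid, image))
    return result


def suspicious(result: dict) -> list:
    """PIDs worth a second look, in ascending order."""
    return sorted(pid for pid, (_, verdict) in result.items()
                  if verdict in ("masquerade", "user-writable"))


if __name__ == "__main__":
    for pid, (image, verdict) in triage(SAMPLE_REPORT).items():
        print(f"{pid:>6} {verdict:<14} {image}")
```

Run on the sample, the heuristics flag PID 9999 (the invented svchost.exe under a Temp directory) and PID 3896, which is MBRCheck.exe itself on the desktop: that second hit is the expected kind of false positive, so the output is a list of leads to check against file hashes and signatures, not a verdict.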


cosinus 04.10.2010 07:20

Quote:

298 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!
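
What MBRCheck's summary line is reporting is a hash of the master boot record compared against known boot code. As an added example (not from this thread and not MBRCheck's own source), the following Python reads a 512-byte MBR, verifies the 0x55AA boot signature, decodes the partition table (the C: offset 0x06500000 in the report above corresponds to LBA 206848, which the constructed sample reuses), and hashes the bootstrap code area for comparison against a caller-supplied allowlist. Assumptions: the code area is taken as the first 440 bytes; MBRCheck's exact hashed byte range and its built-in reference list are not on the page, so the allowlist here is passed in by the caller, and the sample sector is constructed rather than read from a disk. On a live Windows system the sector would come from opening \\.\PhysicalDrive0 with administrator rights and reading 512 bytes.

```python
"""Parse a 512-byte MBR and hash its bootstrap code for an allowlist comparison."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # assumption: bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440         # 4-byte NT disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # 0x55 0xAA

PART_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x83: "Linux", 0xEE: "GPT protective"}


def _part_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build one 16-byte partition entry; CHS fields set to 0xFF (LBA only)."""
    return struct.pack("<B3sB3sII", status, b"\xff\xff\xff", ptype,
                       b"\xff\xff\xff", lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed sample sector (not a real disk image): dummy code, two NTFS partitions."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x1234ABCD)             # invented disk signature
    parts = (_part_entry(0x80, 0x07, 206848, 2097152)    # bootable, LBA 206848 = 0x06500000 bytes
             + _part_entry(0x00, 0x07, 2304000, 4194304)
             + b"\x00" * 32)                             # two unused entries
    sector = code + disk_sig + b"\x00\x00" + parts + b"\x55\xAA"
    assert len(sector) == SECTOR_SIZE
    return sector


def read_first_sector(path: str) -> bytes:
    """Read the MBR from a raw device or image file (needs admin rights on a live disk)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Validate the sector, decode the partition table and hash the code area."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                     # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR_SIZE,            # matches the "at offset" lines in the report
        })
    return {
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good: dict) -> str:
    """Compare the code-area hash with an allowlist {sha1_hex_upper: label}."""
    info = parse_mbr(sector)
    label = known_good.get(info["code_sha1"])
    if label:
        return f"known MBR code: {label}"
    return f"unknown MBR code, SHA1 {info['code_sha1']}"


if __name__ == "__main__":
    mbr = build_sample_mbr()
    details = parse_mbr(mbr)
    for part in details["partitions"]:
        print(f"partition {part['index']}: {part['type']} at byte offset 0x{part['byte_offset']:08X}"
              f"{' (bootable)' if part['bootable'] else ''}")
    print(check_mbr(mbr, {}))
```

An unknown hash is not by itself evidence of a bootkit: OEM recovery loaders, third-party boot managers and older Windows releases all ship different MBR code, so the allowlist has to be a clean reference for the same OS build, and a mismatch is a reason to dump the sector and inspect it, not a verdict.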


Copyright ©2000-2025, Trojaner-Board