Trojaner-Board - Kaspersky gibt Virenwarnung, Malwarebyte zeigt keine Detektion

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Kaspersky gibt Virenwarnung, Malwarebyte zeigt keine Detektion (https://www.trojaner-board.de/91396-kaspersky-gibt-virenwarnung-malwarebyte-zeigt-keine-detektion.html)

Kaspersky gibt Virenwarnung, Malwarebyte zeigt keine Detektion

Hallo,

Ich habe ein Problem mit meinem PC und hoffe, dass ich an dieser Adresse hier richtig bin.
Und zwar hat sich vor 2 Wochen an meinem PC ein Trojaner installiert, der dann ein Popup namens Antivirus2010 auf meinen Desktop geworfen hat. Dieses Problem habe ich eigenständig gelöst bekommen, mein PC zeigt zur Zeit auch keine Symptomatik, bis auf die Tatsache, dass Kaspersky mir ständig Viren und Trojanerfunde ausspuck, die ich durch andere Programme nicht bestätigt bekomme!
Ich habe jetzt alle notwendigen Scans einmal laufen lassen, und würde mich freuen, wenn mir jemand von euch behilflich sein könnte und mich entweder entwarnen könnte, dass kein Problem mehr an meinem PC vorliegt, oder dass ich gerade ein akutes Sicherheitsproblem habe und nicht groß im Inet unterwegs sein sollte. Irgendwie ist mein PC im Moment eine große Baustelle :)

Vielen Dank schonmal,
Alexander

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Hallo,

Vielen Dank schonmal fürs antworten. Also mit Malwarebytes habe ich jetzt nichts gefunden, hier ist die OTL Log. Kaspersky spuckt allerdings mit seiner passiven Überwachung immer noch die selben Trojaner antworten aus, obwohl es manche der Ordner nicht mehr gibt und wenn ich z.B. die userint.exe direkt scanne, keine Trojanerwarnung kommt ?!

OTL Logfile:

Code:

OTL logfile created on: 04.10.2010 10:08:56 - Run 2

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Dokumente und Einstellungen\Rashtagul\Desktop\MFTools

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

767,00 Mb Total Physical Memory | 423,00 Mb Available Physical Memory | 55,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 37,26 Gb Total Space | 8,67 Gb Free Space | 23,27% Space Free | Partition Type: NTFS

Drive D: | 111,80 Gb Total Space | 32,91 Gb Free Space | 29,44% Space Free | Partition Type: NTFS

Drive E: | 31,25 Gb Total Space | 12,62 Gb Free Space | 40,40% Space Free | Partition Type: NTFS

Drive F: | 6,01 Gb Total Space | 2,81 Gb Free Space | 46,75% Space Free | Partition Type: FAT32

Drive G: | 436,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ALEX

Current User Name: Rashtagul

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Rashtagul\Desktop\MFTools\OTL.exe (OldTimer Tools)

PRC - C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)

PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)

PRC - C:\Programme\Trust\Trust R-Series Mouse\KMWDSrv.exe (UASSOFT.COM)

PRC - C:\Programme\Trust\Trust R-Series Mouse\KMCONFIG.exe (UASSOFT.COM)

PRC - C:\Programme\Trust\Trust R-Series Mouse\KMProcess.exe (UASSOFT.COM)

PRC - C:\Programme\Trust\Trust R-Series Mouse\StartAutorun.exe (UASSOFT.COM)

PRC - c:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)

PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)

PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Rashtagul\Desktop\MFTools\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

SRV - (O&O Defrag) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)

SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (SandraDataSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe (SiSoftware)

SRV - (SandraTheSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe (SiSoftware)

SRV - (KMWDSERVICE) -- C:\Programme\Trust\Trust R-Series Mouse\KMWDSrv.exe (UASSOFT.COM)

SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)

SRV - (LVPrcSrv) -- c:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (ZDPSp50) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys File not found

DRV - (TTNETDVB) -- C:\WINDOWS\System32\DRIVERS\ttnetdvb.sys File not found

DRV - (SMCWGU(SMC)) SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC) -- C:\WINDOWS\System32\DRIVERS\SMCWGU.sys File not found

DRV - (saa7146) -- C:\WINDOWS\System32\DRIVERS\saa7146.sys File not found

DRV - (oreans32) -- C:\WINDOWS\System32\drivers\oreans32.sys File not found

DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys File not found

DRV - (aitbukne.dll) -- C:\WINDOWS\System32\aitbukne.dll File not found

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()

DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)

DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)

DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)

DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)

DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)

DRV - (KMWDFilter) -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS (Windows (R) Codename Longhorn DDK provider)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)

DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)

DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)

DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (SSHDRV84) -- C:\WINDOWS\system32\drivers\SSHDRV84.sys ()

DRV - (TT7146KS) TechnoTrend SAA7146 Capture (WDM) -- C:\WINDOWS\system32\drivers\TT7146KS.sys (TechnoTrend AG)

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)

DRV - (TTLOOPHE) -- C:\WINDOWS\system32\drivers\ttloophe.sys (TechnoTrend AG)

DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)

DRV - (SAA7146n) TT DVB-PCI driver (SAA7146n) -- C:\WINDOWS\system32\drivers\saa7146n.sys (TechnoTrend AG)

DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)

DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD033.sys (Sony Corporation)

DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)

DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)

DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)

DRV - (PfModNT) -- C:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)

DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - prefs.js..network.proxy.type: 4

 

 

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.04 15:51:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.09.19 14:17:47 | 000,000,000 | ---D | M]

 

[2010.04.14 14:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Extensions

[2010.04.14 14:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.05.28 19:59:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\extensions

[2009.09.02 15:23:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.07.30 00:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2009.07.03 12:27:04 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

[2008.10.13 23:42:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2010.01.11 12:11:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.01.11 12:11:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010.05.26 21:53:42 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-1.xml

[2009.03.15 23:32:07 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-10.xml

[2009.04.13 15:06:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-11.xml

[2009.04.22 22:46:18 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-12.xml

[2009.04.29 16:00:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-13.xml

[2009.06.14 15:34:07 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-14.xml

[2009.07.23 00:27:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-15.xml

[2009.07.23 11:38:21 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-16.xml

[2009.07.30 12:57:59 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-17.xml

[2009.08.06 16:49:45 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-18.xml

[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-19.xml

[2008.02.12 01:45:15 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-2.xml

[2009.11.01 20:14:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-20.xml

[2009.12.19 13:17:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-21.xml

[2010.01.06 15:16:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-22.xml

[2010.02.26 21:36:24 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-23.xml

[2010.04.02 10:46:59 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-24.xml

[2008.04.20 15:36:29 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-3.xml

[2008.07.02 23:29:22 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-4.xml

[2008.07.16 20:42:01 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-5.xml

[2008.10.03 14:42:30 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-6.xml

[2008.11.17 00:55:15 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-7.xml

[2009.02.09 19:15:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-8.xml

[2009.02.09 20:18:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin-9.xml

[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin.gif

[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin.src

[2007.07.25 23:04:52 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Profiles\1ueaafb9.default\searchplugins\icqplugin.xml

[2010.05.28 20:01:21 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

 

O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [KernelFaultCheck]  File not found

O4 - HKLM..\Run: [KMCONFIG] C:\Programme\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95

O8 - Extra context menu item: Add to Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()

O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)

O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)

O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\Icq.exe (ICQ Inc.)

O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\Icq.exe (ICQ Inc.)

O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} hxxp://www.gomusic.ru/cabs/xdownloader.cab (DMList Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Desktop Hintergrund.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\Mozilla\Firefox\Desktop Hintergrund.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.12.25 13:52:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002.03.23 18:03:41 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002.12.13 14:03:24 | 000,679,936 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2002.12.10 13:31:12 | 000,000,083 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{b177a2dc-9c93-11df-a668-00d05c000000}\Shell\AutoRun\command - "" = J:\Menu.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.09.29 17:21:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.09.29 17:20:46 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2010.09.29 17:06:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\MFTools

[2010.09.28 06:42:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Thomalla

[2010.09.27 19:37:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.09.27 19:37:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.09.19 14:26:33 | 000,000,000 | ---D | C] -- C:\key

[2010.09.19 14:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\KIs key

[2010.09.19 14:15:48 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab

[2010.09.19 14:15:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab

[2010.09.19 14:13:56 | 000,296,976 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2010.09.19 14:03:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files

[2010.09.19 13:57:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\KAspersky

[2010.09.18 06:39:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA

[2010.09.05 15:36:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rashtagul\Eigene Dateien\My Art

[2005.12.25 14:39:41 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.10.04 09:43:04 | 000,001,224 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1078145449-839522115-1003UA.job

[2010.10.04 08:12:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010.10.04 03:20:29 | 001,004,852 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.10.04 03:20:29 | 000,451,970 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.10.04 03:20:29 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.10.04 03:20:29 | 000,080,928 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.10.04 03:20:29 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.10.04 02:12:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010.10.03 23:49:45 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010.10.03 23:49:28 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2010.10.03 23:49:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.10.03 23:49:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.10.03 23:48:57 | 000,421,677 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor

[2010.10.03 23:46:56 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx

[2010.10.03 23:46:56 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx

[2010.10.03 23:46:56 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx

[2010.10.03 23:46:56 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx

[2010.10.03 23:46:56 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2010.10.03 23:46:56 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2010.10.03 23:46:56 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.dat

[2010.10.03 23:46:56 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-80651102}.dat

[2010.10.03 23:46:00 | 009,302,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\ntuser.dat

[2010.10.03 23:46:00 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\ntuser.ini

[2010.10.03 22:43:15 | 000,001,172 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1078145449-839522115-1003Core.job

[2010.10.03 20:12:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010.10.03 14:12:01 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010.10.03 14:12:01 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010.10.03 13:28:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.10.02 19:13:56 | 000,009,524 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Kaspersky.zip

[2010.10.02 11:59:11 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2010.09.29 17:42:10 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\defogger_reenable

[2010.09.29 17:20:49 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\NTREGOPT.lnk

[2010.09.29 17:20:49 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\ERUNT.lnk

[2010.09.29 17:07:19 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Gmer.zip

[2010.09.29 17:07:19 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\defogger.exe

[2010.09.29 17:04:49 | 000,388,977 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Load.exe

[2010.09.27 19:37:43 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.24 14:47:00 | 000,002,396 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Google Chrome.lnk

[2010.09.22 21:54:36 | 000,126,976 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.20 22:46:14 | 000,682,831 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Ausarbeitung_CCLM_Bostel_Felix_Entwurf.odt

[2010.09.19 14:50:00 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2010.09.19 14:50:00 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2010.09.19 14:37:21 | 000,604,140 | -HS- | M] () -- C:\WINDOWS\System32\drivers\ISwift3.dat

[2010.09.19 14:13:56 | 000,296,976 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2010.09.19 13:22:18 | 000,000,718 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav

[2010.09.15 07:18:32 | 000,000,801 | ---- | M] () -- C:\WINDOWS\win.ini

[2010.09.15 07:17:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010.09.12 15:40:34 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\LPS-Stimulationsessay mit Tabelle, 10.09.10.xls

[2010.09.07 18:08:55 | 001,812,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Inflammasome_Netea et al 2009.pdf

[2010.09.06 18:22:27 | 001,088,128 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Re  Article about the Inflammasome.eml

[2010.09.06 18:21:43 | 000,786,139 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Annu Rev Immunol 2009 Martinon.pdf

[2010.09.06 17:40:23 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk

[2010.09.05 15:37:25 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt

[2010.09.04 17:05:35 | 009,239,754 | ---- | M] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\StefanieThieleDissertation.pdf

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.10.02 19:13:56 | 000,009,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Kaspersky.zip

[2010.09.29 17:55:45 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\gmer.exe

[2010.09.29 17:41:48 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\defogger_reenable

[2010.09.29 17:20:49 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\NTREGOPT.lnk

[2010.09.29 17:20:49 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\ERUNT.lnk

[2010.09.29 17:06:50 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\defogger.exe

[2010.09.29 17:06:49 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Gmer.zip

[2010.09.29 17:04:48 | 000,388,977 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Load.exe

[2010.09.27 19:37:43 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.20 21:41:41 | 000,682,831 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Ausarbeitung_CCLM_Bostel_Felix_Entwurf.odt

[2010.09.19 14:37:21 | 000,604,140 | -HS- | C] () -- C:\WINDOWS\System32\drivers\ISwift3.dat

[2010.09.19 14:19:39 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2010.09.19 14:19:39 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2010.09.18 05:33:41 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav

[2010.09.12 15:32:15 | 000,020,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\LPS-Stimulationsessay mit Tabelle, 10.09.10.xls

[2010.09.07 18:08:52 | 001,812,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Inflammasome_Netea et al 2009.pdf

[2010.09.06 18:22:27 | 001,088,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Re  Article about the Inflammasome.eml

[2010.09.06 18:21:43 | 000,786,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\Annu Rev Immunol 2009 Martinon.pdf

[2010.09.04 17:05:29 | 009,239,754 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\StefanieThieleDissertation.pdf

[2010.07.19 22:02:49 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt

[2010.07.19 21:50:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2010.04.08 14:43:06 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll

[2008.10.30 21:35:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Change.dll

[2008.10.03 16:48:28 | 000,339,456 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll

[2008.07.18 16:29:38 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008.06.21 11:07:08 | 000,028,812 | ---- | C] () -- C:\WINDOWS\System32\cms32_nt.dll

[2008.06.21 11:07:07 | 000,017,732 | ---- | C] () -- C:\WINDOWS\System32\cms32_95.dll

[2008.06.21 11:07:07 | 000,012,050 | ---- | C] () -- C:\WINDOWS\System32\cms16.dll

[2008.06.16 16:08:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008.06.16 16:08:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008.06.02 21:23:17 | 000,000,548 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\AutoGK.ini

[2008.04.17 10:08:56 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2008.04.17 10:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2007.11.06 23:05:49 | 000,001,267 | ---- | C] () -- C:\WINDOWS\DVB-TV.INI

[2007.10.29 00:15:49 | 000,000,752 | ---- | C] () -- C:\WINDOWS\TT_DVB_SAT.INI

[2007.10.21 11:41:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini

[2007.10.21 11:41:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2007.10.21 11:41:35 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2007.10.04 13:57:01 | 000,001,516 | ---- | C] () -- C:\WINDOWS\vtplus32.ini

[2007.10.04 13:56:43 | 000,031,786 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2007.10.04 13:54:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll

[2007.10.04 13:51:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll

[2007.10.04 13:50:12 | 000,002,114 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI

[2007.10.04 13:48:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\bdadll.dll

[2007.10.04 13:48:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007.09.10 14:07:02 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Missing.ini

[2007.09.01 13:03:32 | 000,016,709 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Anwendungsdaten\ekiga.conf

[2007.09.01 12:34:20 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2007.05.22 00:59:34 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll

[2007.03.18 13:18:46 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll

[2007.02.17 18:30:35 | 000,343,446 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Svclog.log

[2007.02.06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2007.02.06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2006.11.24 23:26:04 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll

[2006.10.20 20:51:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2006.10.16 13:41:45 | 000,000,149 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2006.10.16 13:41:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2006.10.16 13:37:39 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll

[2006.10.16 13:37:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2006.09.24 14:01:27 | 000,048,234 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006.09.04 11:27:00 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

[2006.08.21 15:46:14 | 000,000,235 | ---- | C] () -- C:\WINDOWS\BRAINBOX.INI

[2006.08.21 15:32:33 | 000,000,139 | ---- | C] () -- C:\WINDOWS\KMBJACK.INI

[2006.08.07 22:59:42 | 000,001,203 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006.08.07 22:56:30 | 000,000,290 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2006.07.10 23:13:06 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\TEVPXCW60.DLL

[2006.07.10 23:13:06 | 000,000,039 | ---- | C] () -- C:\WINDOWS\TDEVXCW60.DLL

[2006.07.10 23:13:06 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2006.06.10 10:58:48 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2006.06.01 11:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.06.01 11:22:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006.06.01 11:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.06.01 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006.06.01 11:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006.06.01 11:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006.05.31 00:39:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2006.03.12 15:06:53 | 000,000,457 | ---- | C] () -- C:\Programme\INSTALL.LOG

[2006.01.22 15:17:36 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV84.sys

[2006.01.03 12:19:29 | 000,126,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006.01.02 14:48:16 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005.12.25 14:40:49 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2005.12.25 14:39:55 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini

[2005.12.25 14:39:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2005.12.25 14:39:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2005.12.25 14:39:29 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2005.12.10 04:06:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005.07.12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2004.03.23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2001.08.18 14:00:00 | 000,533,568 | ---- | C] () -- C:\WINDOWS\System32\msfjaspn.dll

[2000.07.22 17:49:46 | 000,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:857F3067

@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4F636E25

@Alternate Data Stream - 107 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:949483BD

@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:507C73B7

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL Extras logfile created on: 04.10.2010 10:08:56 - Run 2

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Dokumente und Einstellungen\Rashtagul\Desktop\MFTools

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

767,00 Mb Total Physical Memory | 423,00 Mb Available Physical Memory | 55,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 37,26 Gb Total Space | 8,67 Gb Free Space | 23,27% Space Free | Partition Type: NTFS

Drive D: | 111,80 Gb Total Space | 32,91 Gb Free Space | 29,44% Space Free | Partition Type: NTFS

Drive E: | 31,25 Gb Total Space | 12,62 Gb Free Space | 40,40% Space Free | Partition Type: NTFS

Drive F: | 6,01 Gb Total Space | 2,81 Gb Free Space | 46,75% Space Free | Partition Type: FAT32

Drive G: | 436,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ALEX

Current User Name: Rashtagul

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" = 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\FlashFXP\flashfxp.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)

"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\FlashFXP\flashfxp.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found

"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"D:\Gizmo\Gizmo Project\mDNSResponder.exe" = D:\Gizmo\Gizmo Project\mDNSResponder.exe:*:Enabled:Bonjour -- File not found

"C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found

"E:\pro Evolution Soccer 2008\PES2008.exe" = E:\pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008 -- File not found

"C:\Programme\Valve\hl.exe" = C:\Programme\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Programme\Valve\hlds.exe" = C:\Programme\Valve\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)

"E:\Programme\Azureus\Azureus.exe" = E:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)

"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)

"C:\Programme\ICQ\Icq.exe" = C:\Programme\ICQ\Icq.exe:*:Enabled:ICQ -- (ICQ Inc.)

"C:\Dokumente und Einstellungen\Rashtagul\Desktop\Wiesseraldeer\Weisseradler-Script 1.071\mirc.exe" = C:\Dokumente und Einstellungen\Rashtagul\Desktop\Wiesseraldeer\Weisseradler-Script 1.071\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)

"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"D:\Warcraft III\Warcraft III.exe" = D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- ()

"C:\Programme\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Programme\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08

"{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5

"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{34E89C10-3E14-4396-A58C-72047CD458AD}" = TMPGEnc 4.0 XPress

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{3DC5CD53-8BEE-4FD7-900E-3A5F02964251}" = WinTV Nexus

"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942

"{718666FC-C0A7-4DE7-9120-8F1746A90588}" = Trust R-Series Mouse

"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer

"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam

"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{8FB1A5EA-7DA8-4D57-80FB-BD923CCCC852}" = OpenOffice.org 2.1

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!

"{949576CE-4627-11D6-A7FE-0050FC21662B}" = Hotel Gigant

"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6

"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A44413DC-17D5-4F0B-A128-8B590B20323C}" = Windows Messenger 5.1

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite

"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XIIc

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress

"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator

"{F00B1410-E832-4B0C-85E2-6E0F010C2A87}" = InterVideo FilterSDK for Techno Trend

"{F39A5F71-E8FD-96B7-58B7-C0E12D9F5FC5}" = Antivirus 2010

"{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)

"7-Zip" = 7-Zip 4.57

"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005

"8461-7759-5462-8226" = Vuze

"Acoustica MP3 CD Burner" = Acoustica MP3 CD Burner

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Shockwave Player" = Adobe Shockwave Player

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"CAL" = Canon Camera Access Library

"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX

"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"CCleaner" = CCleaner

"Cicil 2007 - Elearning" = Cicil 2007 - Elearning

"CSCLIB" = Canon Camera Support Core Library

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"EAX Unified" = EAX Unified

"EOS Utility" = Canon Utilities EOS Utility

"ERUNT_is1" = ERUNT 1.1j

"ffdshow_is1" = ffdshow [rev 2019] [2008-06-22]

"FinePrint" = FinePrint

"Freiburger Histo-CD_is1" = Freiburger Histo-CD 3.1

"GMailFS" = GMail Drive Shell Extension

"GSpot" = GSpot Codec Information Appliance

"Hijack This_is1" = Hijack This 1.99.1

"HijackThis" = HijackThis 1.99.1

"ICQ" = ICQ

"ie8" = Windows Internet Explorer 8

"InstallShield_{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5

"InstallShield_{718666FC-C0A7-4DE7-9120-8F1746A90588}" = Trust R-Series Mouse

"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010

"InterActual Player" = InterActual Player

"lgx4.lgx.server" = G DATA Logox 4 Speechengine

"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)

"NVIDIA Drivers" = NVIDIA Drivers

"Pdf995" = Pdf995

"PhotoStitch" = Canon Utilities PhotoStitch

"Primal Pictures Interactive Spine" = Primal Pictures Interactive Spine

"QcDrv" = Logitech® Camera-Treiber

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealPlayer 6.0" = RealPlayer

"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX

"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper

"RouterControl" = RouterControl 1.91

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ  Toolbar

"TrueCrypt" = TrueCrypt

"VLC media player" = VideoLAN VLC media player 0.8.6h

"VobSub" = VobSub v2.23 (Remove Only)

"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)

"WebLab Viewer" = WebLab Viewer

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment

"ws4.webspeech" = G DATA WebSpeech 4

"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"pdfsam" = pdfsam

"Warcraft III" = Warcraft III

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 29.09.2010 16:43:15 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

Error - 29.09.2010 17:43:14 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

Error - 29.09.2010 18:43:20 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

Error - 29.09.2010 19:43:14 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

Error - 29.09.2010 20:43:14 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

Error - 29.09.2010 21:43:22 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

Error - 29.09.2010 22:43:14 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

Error - 29.09.2010 23:43:14 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

Error - 30.09.2010 00:43:14 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

Error - 30.09.2010 01:43:14 | Computer Name = ALEX | Source = Google Update | ID = 20

Description = 

 

[ System Events ]

Error - 04.10.2010 04:35:24 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 04.10.2010 04:35:30 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 04.10.2010 04:35:35 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 04.10.2010 04:35:41 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 04.10.2010 04:35:47 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 04.10.2010 04:35:55 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 04.10.2010 04:36:00 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 04.10.2010 04:36:06 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 04.10.2010 04:36:12 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

Error - 04.10.2010 04:36:18 | Computer Name = ALEX | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

 

 

< End of report >

--- --- ---

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

DRV - (ZDPSp50) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys File not found

DRV - (TTNETDVB) -- C:\WINDOWS\System32\DRIVERS\ttnetdvb.sys File not found

DRV - (saa7146) -- C:\WINDOWS\System32\DRIVERS\saa7146.sys File not found

DRV - (oreans32) -- C:\WINDOWS\System32\drivers\oreans32.sys File not found

DRV - (aitbukne.dll) -- C:\WINDOWS\System32\aitbukne.dll File not found

DRV - (SSHDRV84) -- C:\WINDOWS\system32\drivers\SSHDRV84.sys ()

O32 - AutoRun File - [2002.03.23 18:03:41 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002.12.13 14:03:24 | 000,679,936 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2002.12.10 13:31:12 | 000,000,083 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{b177a2dc-9c93-11df-a668-00d05c000000}\Shell\AutoRun\command - "" = J:\Menu.exe -- File not found

[2010.09.19 14:26:33 | 000,000,000 | ---D | C] -- C:\key

[2010.09.19 14:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rashtagul\Desktop\KIs key

@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:857F3067

@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4F636E25

@Alternate Data Stream - 107 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:949483BD

@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:507C73B7

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Vielen Dank schonmal für die Hilfe!

Wie sieht denn das weitere Procedere aus?
Im zweiten Zitat sind nochmals die aktuellen Kaspersky Funde, die sich auch immer wieder bestätigen, obwohl ich die Dateien weder finden, noch den Ordner öffnen kann, da ich ihn bereits gelöscht habe!

Code:

All processes killed

========== OTL ==========

Error: No service named ZDPSp50 was found to stop!

Service\Driver key ZDPSp50 not found.

File  C:\WINDOWS\System32\Drivers\ZDPSp50.sys File not found not found.

Error: No service named TTNETDVB was found to stop!

Service\Driver key TTNETDVB not found.

File  C:\WINDOWS\System32\DRIVERS\ttnetdvb.sys File not found not found.

Error: No service named saa7146 was found to stop!

Service\Driver key saa7146 not found.

File  C:\WINDOWS\System32\DRIVERS\saa7146.sys File not found not found.

Error: No service named oreans32 was found to stop!

Service\Driver key oreans32 not found.

File  C:\WINDOWS\System32\drivers\oreans32.sys File not found not found.

Error: No service named aitbukne.dll was found to stop!

Service\Driver key aitbukne.dll not found.

File  C:\WINDOWS\System32\aitbukne.dll File not found not found.

Error: No service named SSHDRV84 was found to stop!

Service\Driver key SSHDRV84 not found.

File  C:\WINDOWS\system32\drivers\SSHDRV84.sys  not found.

File D:\AUTOEXEC.BAT not found.

File G:\Autorun.exe not found.

File G:\Autorun.inf not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b177a2dc-9c93-11df-a668-00d05c000000}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b177a2dc-9c93-11df-a668-00d05c000000}\ not found.

File J:\Menu.exe not found.

Folder C:\key\ not found.

Folder C:\Dokumente und Einstellungen\Rashtagul\Desktop\KIs key\ not found.

Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:857F3067 .

Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4F636E25 .

Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:949483BD .

Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:507C73B7 .

========== COMMANDS ==========

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Rashtagul

->Temp folder emptied: 20553614 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 5330 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 210296093 bytes

->Flash cache emptied: 1907 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2944723945 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 3.029,00 mb

 

 

OTL by OldTimer - Version 3.2.14.1 log created on 10052010_122711
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Code:

05.10.2010 00:26:21        Detected: HEUR:Trojan.Win32.Generic        Kaspersky Internet Security                C:\System Volume Information\_restore{C9D02526-BB34-4C5C-948E-699B7186FFCA}\RP1074\A0217840.sys                        

05.10.2010 00:26:22        Detected: Trojan.Win32.FraudPack.blbo        Kaspersky Internet Security                C:\WINDOWS\system32\us?rinit.exe                        

05.10.2010 00:26:23        Detected: Trojan.Win32.FraudPack.blbo        Kaspersky Internet Security                C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Temp\xmuqper.exe                        

05.10.2010 00:26:23        Detected: Trojan.Win32.FraudPack.blbo        Kaspersky Internet Security                C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2JBXM6J5\lpkez[3].htm                        

05.10.2010 00:26:24        Detected: Trojan.Win32.FraudPack.blbo        Kaspersky Internet Security                C:\System Volume Information\_restore{C9D02526-BB34-4C5C-948E-699B7186FFCA}\RP1076\A0219025.exe                        

05.10.2010 00:27:36        Detected: HEUR:Worm.Win32.Generic        Kaspersky Internet Security                D:\Scannnprogz\Archive\Retina49141Demo.exe/WISE0158.BIN                        

05.10.2010 00:27:37        Detected: Net-Worm.Win32.Kolab.gpz        Kaspersky Internet Security                D:\Scannnprogz\Archive\Retina49141Demo.exe/WISE0164.BIN                        

05.10.2010 00:27:42        Detected: HEUR:Worm.Win32.Generic        Kaspersky Internet Security                D:\Scannnprogz\Archive\Retina49141Demo.exe/WISE0204.BIN                        

05.10.2010 00:28:02        Detected: Exploit.HTML.Mht        Kaspersky Internet Security                E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Quarantine\7AD5686C.htm/CryptFF                        

05.10.2010 11:36:36        Protection is not running        Kaspersky Internet Security                                        

05.10.2010 12:12:39        Detected: HEUR:Trojan.Win32.Generic        Kaspersky Internet Security                C:\System Volume Information\_restore{C9D02526-BB34-4C5C-948E-699B7186FFCA}\RP1074\A0217840.sys                        

05.10.2010 12:12:42        Detected: Trojan.Win32.FraudPack.blbo        Kaspersky Internet Security                C:\WINDOWS\system32\us?rinit.exe                        

05.10.2010 12:12:43        Detected: Trojan.Win32.FraudPack.blbo        Kaspersky Internet Security                C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Temp\xmuqper.exe                        

05.10.2010 12:12:44        Detected: Trojan.Win32.FraudPack.blbo        Kaspersky Internet Security                C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2JBXM6J5\lpkez[3].htm                        

05.10.2010 12:12:45        Detected: Trojan.Win32.FraudPack.blbo        Kaspersky Internet Security                C:\System Volume Information\_restore{C9D02526-BB34-4C5C-948E-699B7186FFCA}\RP1076\A0219025.exe                        

05.10.2010 12:13:51        Detected: HEUR:Worm.Win32.Generic        Kaspersky Internet Security                D:\Scannnprogz\Archive\Retina49141Demo.exe/WISE0158.BIN                        

05.10.2010 12:13:53        Detected: Net-Worm.Win32.Kolab.gpz        Kaspersky Internet Security                D:\Scannnprogz\Archive\Retina49141Demo.exe/WISE0164.BIN                        

05.10.2010 12:13:56        Detected: HEUR:Worm.Win32.Generic        Kaspersky Internet Security                D:\Scannnprogz\Archive\Retina49141Demo.exe/WISE0204.BIN                        

05.10.2010 12:14:05        Detected: Exploit.HTML.Mht        Kaspersky Internet Security                E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Quarantine\7AD5686C.htm/CryptFF

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hi,

also er meinte immer, dass antivir laufen würde, dass habe ich aber schon seit meiner Kaspersky Installation direkt nach dem Virus gelöscht, habe auch keinen entsprechenden Prozess gefunden und das Programmverzeichnis existierte ebenfalls nicht mehr. Ich weiß somit leider nicht , was er da mit Antivir für ein Problem hatte!
Anbei die combofix log:

Combofix Logfile:

Code:

ComboFix 10-10-05.01 - Rashtagul 06.10.2010   0:49.1.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.767.443 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Rashtagul\Desktop\Cofi.exe

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\All Users\Anwendungsdaten\.wtav

c:\programme\INSTALL.LOG

c:\windows\system32\SysPr.prx

D:\nc.exe
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_USERINIT
 
 

(((((((((((((((((((((((   Dateien erstellt von 2010-09-05 bis 2010-10-05  ))))))))))))))))))))))))))))))

.
 

2010-10-05 00:16 . 2010-10-05 00:16        --------        d-----w-        C:\_OTL

2010-09-29 15:20 . 2010-09-29 15:21        --------        d-----w-        c:\programme\ERUNT

2010-09-27 17:37 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-27 17:37 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-09-19 12:54 . 2010-09-24 13:06        932368        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll

2010-09-19 12:54 . 2010-09-24 13:06        678416        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll

2010-09-19 12:54 . 2010-09-24 13:06        604688        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll

2010-09-19 12:54 . 2010-09-24 13:05        1096208        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll

2010-09-19 12:54 . 2010-09-24 13:05        522768        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

2010-09-19 12:50 . 2010-09-19 12:50        797200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\updater.dll

2010-09-19 12:50 . 2010-09-19 12:50        166416        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\prloader.dll

2010-09-19 12:50 . 2010-09-19 12:50        80400        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll

2010-09-19 12:15 . 2010-10-05 22:14        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab

2010-09-19 12:15 . 2010-09-19 12:15        --------        d-----w-        c:\programme\Kaspersky Lab

2010-09-19 12:03 . 2010-09-19 12:03        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files

2010-09-18 04:39 . 2010-09-18 04:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-05 23:21 . 2007-02-18 02:09        24        ----a-w-        c:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.dat

2010-10-05 23:21 . 2007-02-18 02:09        24        ----a-w-        c:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000002-80651102}.dat

2010-10-05 22:23 . 2010-04-02 09:47        --------        d-----w-        c:\programme\CCleaner

2010-10-05 10:19 . 2010-04-14 12:10        --------        d-----w-        c:\programme\Mozilla Thunderbird

2010-10-04 01:20 . 2001-08-18 12:00        80928        ----a-w-        c:\windows\system32\perfc007.dat

2010-10-04 01:20 . 2001-08-18 12:00        451970        ----a-w-        c:\windows\system32\perfh007.dat

2010-10-02 19:39 . 2007-08-28 16:44        --------        d-----w-        c:\dokumente und einstellungen\Rashtagul\Anwendungsdaten\Skype

2010-10-02 16:57 . 2007-02-16 22:12        --------        d-----w-        c:\programme\Hijack This

2010-10-02 14:09 . 2009-12-03 17:19        --------        d-----w-        c:\dokumente und einstellungen\Rashtagul\Anwendungsdaten\skypePM

2010-09-29 15:04 . 2007-01-18 15:56        --------        d-----w-        c:\dokumente und einstellungen\Rashtagul\Anwendungsdaten\OpenOffice.org2

2010-09-27 17:37 . 2009-12-08 13:46        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-09-19 12:50 . 2010-09-19 12:50        80400        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll

2010-09-19 12:50 . 2010-09-19 12:50        303376        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\avp.exe

2010-09-19 12:50 . 2010-09-19 12:50        264720        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll

2010-09-19 12:50 . 2010-09-19 12:50        129552        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll

2010-09-19 12:50 . 2010-09-19 12:19        97549        ----a-w-        c:\windows\system32\drivers\klick.dat

2010-09-19 12:50 . 2010-09-19 12:19        113933        ----a-w-        c:\windows\system32\drivers\klin.dat

2010-09-19 12:49 . 2010-09-19 12:49        797272        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\updater.dll

2010-09-19 12:49 . 2010-09-19 12:49        170584        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\prloader.dll

2010-09-19 12:49 . 2010-09-19 12:49        311680        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\avp.exe

2010-09-19 12:49 . 2010-09-19 12:49        59920        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll

2010-09-19 12:49 . 2010-09-19 12:49        264720        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll

2010-09-19 12:49 . 2010-09-19 12:49        129624        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll

2010-09-19 12:49 . 2010-09-19 12:49        109072        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll

2010-09-19 12:37 . 2010-09-19 12:37        604140        --sha-w-        c:\windows\system32\drivers\ISwift3.dat

2010-08-23 13:13 . 2010-08-23 10:53        --------        d-----w-        c:\programme\FreeMind

2010-08-17 13:17 . 2001-08-18 12:00        58880        ----a-w-        c:\windows\system32\spoolsv.exe

2010-08-13 14:37 . 2010-08-13 14:37        --------        d-----w-        c:\dokumente und einstellungen\Rashtagul\Anwendungsdaten\Samsung

2010-08-09 20:17 . 2010-07-24 19:48        19107        ----a-w-        c:\windows\War3Unin.dat

2010-07-24 19:48 . 2010-07-24 19:48        2829        ----a-w-        c:\windows\War3Unin.pif

2010-07-24 19:48 . 2010-07-24 19:48        126976        ----a-w-        c:\windows\War3Unin.exe

2010-07-22 15:48 . 2006-01-04 12:48        590848        ----a-w-        c:\windows\system32\rpcrt4.dll

2010-07-22 06:19 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\dokumente und einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2010-04-08 136176]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefPrt"="c:\programme\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]

"ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]

"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2007-10-30 507904]

"KMCONFIG"="c:\programme\Trust\Trust R-Series Mouse\StartAutorun.exe" [2007-03-06 212992]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"avp"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-09-19 311680]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Status Monitor.lnk - c:\programme\Brother\Brmfcmon\BrMfcWnd.exe [2007-10-20 802816]
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0OODBS
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk

backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SMCWUSB-G 802.11g Wireless USB Utility.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SMCWUSB-G 802.11g Wireless USB Utility.lnk

backup=c:\windows\pss\SMCWUSB-G 802.11g Wireless USB Utility.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rashtagul^Startmenü^Programme^Autostart^Adobe Gamma.lnk]

path=c:\dokumente und einstellungen\Rashtagul\Startmenü\Programme\Autostart\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rashtagul^Startmenü^Programme^Autostart^Ekiga.lnk]

path=c:\dokumente und einstellungen\Rashtagul\Startmenü\Programme\Autostart\Ekiga.lnk

backup=c:\windows\pss\Ekiga.lnkStartup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rashtagul^Startmenü^Programme^Autostart^OpenOffice.org 2.1.lnk]

path=c:\dokumente und einstellungen\Rashtagul\Startmenü\Programme\Autostart\OpenOffice.org 2.1.lnk

backup=c:\windows\pss\OpenOffice.org 2.1.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-08-08 12:11        490952        ----a-w-        c:\programme\DAEMON Tools Lite\daemon.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-03-05 15:32        1135912        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HCWemmon]

2007-03-29 21:22        61440        -c--a-w-        c:\windows\hcwemMON.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2010-05-03 13:27        133368        ----a-w-        c:\programme\ICQ7.1\ICQ.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

2001-11-29 00:00        28672        ----a-w-        c:\programme\Creative\SBLive\Program\ADGJDet.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-02-07 23:12        488984        ----a-w-        c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-02-07 23:13        774168        ----a-w-        c:\programme\Logitech\QuickCam10\QuickCam10.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]

2003-10-14 16:36        38984        ----a-w-        c:\progra~1\ICQ\ICQNet.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2007-04-11 23:43        1661304        ----a-w-        c:\programme\Messenger\Msmsgs.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-06-01 09:22        7618560        ----a-w-        c:\windows\system32\nvcpl.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-06-01 09:22        86016        ----a-w-        c:\windows\system32\nvmctray.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-06-01 09:22        1519616        ----a-w-        c:\windows\system32\nwiz.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

2009-09-11 22:34        2524416        ----a-w-        c:\programme\OO Software\Defrag\oodtray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]

2008-04-14 18:51        3179520        ----a-w-        c:\progra~1\ROUTER~1\RouterControl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-06-01 13:40        180269        ----a-w-        c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 00:00        90112        -c----w-        c:\windows\Updreg.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

2002-07-02 09:56        24576        ----a-w-        c:\windows\system32\CTHELPER.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"DAEMON Tools"="c:\programme\DAEMON Tools\daemon.exe" -lang 1033
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Programme\\Messenger\\Msmsgs.exe"=

"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"=

"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Programme\\Valve\\hl.exe"=

"c:\\Programme\\Valve\\hlds.exe"=

"e:\\Programme\\Azureus\\Azureus.exe"=

"c:\\Programme\\Vuze\\Azureus.exe"=

"c:\\Programme\\ICQ\\Icq.exe"=

"c:\\Dokumente und Einstellungen\\Rashtagul\\Desktop\\Wiesseraldeer\\Weisseradler-Script 1.071\\mirc.exe"=

"c:\\Programme\\ICQ7.1\\ICQ.exe"=

"c:\\Programme\\ICQ7.1\\aolload.exe"=

"d:\\Warcraft III\\Warcraft III.exe"=

"c:\\Programme\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)
 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programme\Trust\Trust R-Series Mouse\KMWDSrv.exe [09.06.2007 00:23 208896]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472]

R3 SAA7146n;TT DVB-PCI driver (SAA7146n);c:\windows\system32\drivers\saa7146n.sys [13.09.2004 11:13 65840]

R3 TTLOOPHE;Virtual DVB-S/-C/-T Network Adapter Driver;c:\windows\system32\drivers\ttloophe.sys [08.11.2004 19:44 39284]

S0 qpxvi;qpxvi; [x]

S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\DRIVERS\SMCWGU.sys --> c:\windows\system32\DRIVERS\SMCWGU.sys [?]

S3 TT7146KS;TechnoTrend SAA7146 Capture (WDM);c:\windows\system32\drivers\TT7146KS.sys [23.05.2005 09:48 80384]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.01.2006 14:37 717296]

.

Inhalt des "geplante Tasks" Ordners
 

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1078145449-839522115-1003Core.job

- c:\dokumente und einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-04-08 16:32]
 

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1078145449-839522115-1003UA.job

- c:\dokumente und einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-04-08 16:32]
 

2010-10-05 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 20:18]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Read with DeskBot

IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\programme\ICQ7.1\ICQ.exe

IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

MSConfigStartUp-ccApp - c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

MSConfigStartUp-EPGServiceTool - c:\progra~1\WinTV\EPGSER~1\System\EPGCLI~1.EXE

MSConfigStartUp-Eraser - c:\programme\Eraser\eraser.exe

MSConfigStartUp-Gainward - c:\windows\TBPanel.exe

MSConfigStartUp-Gizmo Project - d:\gizmo\Gizmo Project\Gizmo.exe

MSConfigStartUp-ICQ Lite - c:\programme\ICQLite\ICQLite.exe

MSConfigStartUp-MMReminderService - c:\programme\Mindjet\MindManager 6\MMReminderService.exe

MSConfigStartUp-PaperPort PTD - c:\programme\ScanSoft\PaperPort\pptd40nt.exe

MSConfigStartUp-pdfSaver3 - c:\programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe

MSConfigStartUp-ServUTrayIcon - c:\progra~1\RHINOS~1.COM\Serv-U\SERV-U~1.EXE

MSConfigStartUp-SSBkgdUpdate - c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

MSConfigStartUp-ToADiMon - c:\programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe

MSConfigStartUp-WengoPhoneNG - d:\wengophone\qtwengophone.exe

AddRemove-Primal Pictures Interactive Spine - l:\primal pictures\Interactive Spine\Uninst.isu
 
 

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG12.00.00.01PROFESSIONAL"="047037BEE49DFDC56081B5D37F04533E678ED497F2895DAED44108DC37658F6F047287395140D8FCA6053B460C7BD1E60F13332EC8C1FC84FE6AB50FDF6F9F0094DBD4AD0C4621AEC0D01FF26BEDFAB54BC054388BD03D0A67FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794A6A0AC4980AC7933D110DD2C68822E4AB052AC59E86111D572DCA51CC65EC2FE11C00F2071D33F396BB1DEDA0A55E138323E879A38B75305A41C17264C1F5D269B7EACE73724F9D2E58934304B06443EF7417801D36EA8EB649D05EFF63E7213AB9ED40FED79A59BD57AD1700331A11CE1D72AB26F081F7AFE176C9FF6CBF70A9BAD785BE08B3945420D40223C559894C4A4D91573F09CA5B564609EB0B8B44EBBDE20D714760607296C9A1134589AEFE9E958567A75D7653F0206193C5C47AA4E0A66D1BA382B1CF8E8134B5F0371F88F918B66D3465D374612980067F09F6C0AAAFB5CBFB421C296F5EBA5E180B400E4296BF883798C1CE75B660BB19402E59ADD224DC0B4AEBDD92CFE3518E1555810E18606C1889817B74651AF4FC988EB1FE7323E8EE173D30EC6B758909C155A2A0FFDCAF8CF8AB1B86150AE29761FD8A9AF160E2FCC60CE73A7162A8B870AE1BF2B864649123DF8675EEC86DCE5860942BECDDD5C683C7E3F4F309082DE21CCD1D26A3C86F360FDB11445FC39C554DFE3C5EB15038A9FB518E7AB321E44177FD545053737FE78D378FA0C9BC32970C17C9698DD4471F8C91ABDC6793EBB00E3B4694A0017A1DB1592B287303507971970A88E25763B8A95D6BED19674AD42E14BC73D29962B375D4AFA124A79B75AD316951D1DA36B6979D001307C07E5986CE90DF78658530C4C5C3C99C032FA2062381EA7BC08E80055003B5961F19511F4578927B03431AB87FB7E212BB1F31D3B1624A4BE17FE8A13D1485BC0615010F3CAB28D023644BD38CF6F3EE78228E1D763AE219FF3DD1C1B252AD65ABA8FCA6573A1FE1B1DEB400B6FE21B97DF014EB546E8BA2379199ADBCD04FD3191AE4DC87013E561DC6F01AF6B4DF61F3CCE1656DAA2A54EB4A6BF49149D990CB26E75215767BEFC1D77A55B44C823A83AC24240AE4C29EBE76498D9B4E287F61C7375F5B0A31B58B7912446F09306A0B2F3B0FBC5FD1F8A080F07075F6336BFFE4756D4FA7120A53FAD492ED90F1A3733DA919896F279FABE4BC25038D32B7A44D370CAA51E8757F4A333D1DFC16DE37BD8E9278C8A39D36921D239D60BFD7E846BF36E16191EA651ABD8F852D4235D7FAE913C074676EF1A7A16464786DB668EC0E3D4A678458FFEE2FEE87897F023680337F2D7CE5C6D9528BD0509648491E56E151A237372D1DE4CC2EF0CF92174136159"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'explorer.exe'(5624)

c:\programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll

c:\windows\system32\webcheck.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\brss01a.exe

c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe

c:\windows\System32\CTsvcCDA.exe

c:\programme\Cisco Systems\VPN Client\cvpnd.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Trust\Trust R-Series Mouse\KMConfig.exe

c:\programme\Trust\Trust R-Series Mouse\KMProcess.exe

c:\windows\system32\nvsvc32.exe

c:\programme\OO Software\Defrag\oodag.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\wdfmgr.exe

c:\windows\System32\MsPMSPSv.exe

c:\programme\Canon\CAL\CALMAIN.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-10-06  01:44:45 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-10-05 23:44
 

Vor Suchlauf: 5.500.694.528 Bytes frei

Nach Suchlauf: 9.456.799.744 Bytes frei
 

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
 

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 3FDE69C5DDC18629F833740D71DE3015

--- --- ---

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Filelook::

c:\windows\system32\drivers\ISwift3.dat
 

Driver::

qpxvi

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

So hier das aktuelle Logfile:

[Code]

Combofix Logfile:

Code:

ComboFix 10-10-05.06 - Rashtagul 06.10.2010  17:23:48.2.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.767.292 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Rashtagul\Desktop\Cofi.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Rashtagul\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_QPXVI

-------\Service_qpxvi
 
 

(((((((((((((((((((((((   Dateien erstellt von 2010-09-06 bis 2010-10-06  ))))))))))))))))))))))))))))))

.
 

2010-10-06 15:05 . 2010-10-06 15:05        --------        d-----w-        C:\Cofi

2010-10-05 00:16 . 2010-10-05 00:16        --------        d-----w-        C:\_OTL

2010-09-29 15:20 . 2010-09-29 15:21        --------        d-----w-        c:\programme\ERUNT

2010-09-27 17:37 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-27 17:37 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-09-19 12:54 . 2010-09-24 13:06        932368        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll

2010-09-19 12:54 . 2010-09-24 13:06        678416        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll

2010-09-19 12:54 . 2010-09-24 13:06        604688        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll

2010-09-19 12:54 . 2010-09-24 13:05        1096208        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll

2010-09-19 12:54 . 2010-09-24 13:05        522768        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

2010-09-19 12:50 . 2010-09-19 12:50        797200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\updater.dll

2010-09-19 12:50 . 2010-09-19 12:50        166416        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\prloader.dll

2010-09-19 12:50 . 2010-09-19 12:50        80400        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll

2010-09-19 12:15 . 2010-10-06 11:18        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab

2010-09-19 12:15 . 2010-09-19 12:15        --------        d-----w-        c:\programme\Kaspersky Lab

2010-09-19 12:03 . 2010-09-19 12:03        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files

2010-09-18 04:39 . 2010-09-18 04:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-06 16:00 . 2007-02-18 02:09        24        ----a-w-        c:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.dat

2010-10-06 16:00 . 2007-02-18 02:09        24        ----a-w-        c:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000002-80651102}.dat

2010-10-06 11:18 . 2010-04-14 12:10        --------        d-----w-        c:\programme\Mozilla Thunderbird

2010-10-05 22:23 . 2010-04-02 09:47        --------        d-----w-        c:\programme\CCleaner

2010-10-04 01:20 . 2001-08-18 12:00        80928        ----a-w-        c:\windows\system32\perfc007.dat

2010-10-04 01:20 . 2001-08-18 12:00        451970        ----a-w-        c:\windows\system32\perfh007.dat

2010-10-02 19:39 . 2007-08-28 16:44        --------        d-----w-        c:\dokumente und einstellungen\Rashtagul\Anwendungsdaten\Skype

2010-10-02 16:57 . 2007-02-16 22:12        --------        d-----w-        c:\programme\Hijack This

2010-10-02 14:09 . 2009-12-03 17:19        --------        d-----w-        c:\dokumente und einstellungen\Rashtagul\Anwendungsdaten\skypePM

2010-09-29 15:04 . 2007-01-18 15:56        --------        d-----w-        c:\dokumente und einstellungen\Rashtagul\Anwendungsdaten\OpenOffice.org2

2010-09-27 17:37 . 2009-12-08 13:46        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-09-19 12:50 . 2010-09-19 12:50        80400        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll

2010-09-19 12:50 . 2010-09-19 12:50        303376        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\avp.exe

2010-09-19 12:50 . 2010-09-19 12:50        264720        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll

2010-09-19 12:50 . 2010-09-19 12:50        129552        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll

2010-09-19 12:50 . 2010-09-19 12:19        97549        ----a-w-        c:\windows\system32\drivers\klick.dat

2010-09-19 12:50 . 2010-09-19 12:19        113933        ----a-w-        c:\windows\system32\drivers\klin.dat

2010-09-19 12:49 . 2010-09-19 12:49        797272        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\updater.dll

2010-09-19 12:49 . 2010-09-19 12:49        170584        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\prloader.dll

2010-09-19 12:49 . 2010-09-19 12:49        311680        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\avp.exe

2010-09-19 12:49 . 2010-09-19 12:49        59920        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll

2010-09-19 12:49 . 2010-09-19 12:49        264720        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll

2010-09-19 12:49 . 2010-09-19 12:49        129624        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll

2010-09-19 12:49 . 2010-09-19 12:49        109072        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll

2010-09-19 12:37 . 2010-09-19 12:37        604140        --sha-w-        c:\windows\system32\drivers\ISwift3.dat

2010-08-23 13:13 . 2010-08-23 10:53        --------        d-----w-        c:\programme\FreeMind

2010-08-17 13:17 . 2001-08-18 12:00        58880        ----a-w-        c:\windows\system32\spoolsv.exe

2010-08-13 14:37 . 2010-08-13 14:37        --------        d-----w-        c:\dokumente und einstellungen\Rashtagul\Anwendungsdaten\Samsung

2010-08-09 20:17 . 2010-07-24 19:48        19107        ----a-w-        c:\windows\War3Unin.dat

2010-07-24 19:48 . 2010-07-24 19:48        2829        ----a-w-        c:\windows\War3Unin.pif

2010-07-24 19:48 . 2010-07-24 19:48        126976        ----a-w-        c:\windows\War3Unin.exe

2010-07-22 15:48 . 2006-01-04 12:48        590848        ----a-w-        c:\windows\system32\rpcrt4.dll

2010-07-22 06:19 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll

.
 

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.
 

--- c:\windows\system32\drivers\ISwift3.dat ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File size: 604140

Created time: 2010-09-19 12:37

Modified time: 2010-09-19 12:37

MD5: !HASH: COULD NOT OPEN FILE !!!!!

SHA1: !HASH: COULD NOT OPEN FILE !!!!!
 
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\dokumente und einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2010-04-08 136176]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefPrt"="c:\programme\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]

"ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]

"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2007-10-30 507904]

"KMCONFIG"="c:\programme\Trust\Trust R-Series Mouse\StartAutorun.exe" [2007-03-06 212992]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"avp"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-09-19 311680]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Status Monitor.lnk - c:\programme\Brother\Brmfcmon\BrMfcWnd.exe [2007-10-20 802816]
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0OODBS
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk

backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SMCWUSB-G 802.11g Wireless USB Utility.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SMCWUSB-G 802.11g Wireless USB Utility.lnk

backup=c:\windows\pss\SMCWUSB-G 802.11g Wireless USB Utility.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rashtagul^Startmenü^Programme^Autostart^Adobe Gamma.lnk]

path=c:\dokumente und einstellungen\Rashtagul\Startmenü\Programme\Autostart\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rashtagul^Startmenü^Programme^Autostart^Ekiga.lnk]

path=c:\dokumente und einstellungen\Rashtagul\Startmenü\Programme\Autostart\Ekiga.lnk

backup=c:\windows\pss\Ekiga.lnkStartup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rashtagul^Startmenü^Programme^Autostart^OpenOffice.org 2.1.lnk]

path=c:\dokumente und einstellungen\Rashtagul\Startmenü\Programme\Autostart\OpenOffice.org 2.1.lnk

backup=c:\windows\pss\OpenOffice.org 2.1.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-08-08 12:11        490952        ----a-w-        c:\programme\DAEMON Tools Lite\daemon.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-03-05 15:32        1135912        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HCWemmon]

2007-03-29 21:22        61440        -c--a-w-        c:\windows\hcwemMON.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2010-05-03 13:27        133368        ----a-w-        c:\programme\ICQ7.1\ICQ.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

2001-11-29 00:00        28672        ----a-w-        c:\programme\Creative\SBLive\Program\ADGJDet.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-02-07 23:12        488984        ----a-w-        c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-02-07 23:13        774168        ----a-w-        c:\programme\Logitech\QuickCam10\QuickCam10.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]

2003-10-14 16:36        38984        ----a-w-        c:\progra~1\ICQ\ICQNet.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2007-04-11 23:43        1661304        ----a-w-        c:\programme\Messenger\Msmsgs.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-06-01 09:22        7618560        ----a-w-        c:\windows\system32\nvcpl.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-06-01 09:22        86016        ----a-w-        c:\windows\system32\nvmctray.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-06-01 09:22        1519616        ----a-w-        c:\windows\system32\nwiz.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

2009-09-11 22:34        2524416        ----a-w-        c:\programme\OO Software\Defrag\oodtray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]

2008-04-14 18:51        3179520        ----a-w-        c:\progra~1\ROUTER~1\RouterControl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-06-01 13:40        180269        ----a-w-        c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 00:00        90112        -c----w-        c:\windows\Updreg.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

2002-07-02 09:56        24576        ----a-w-        c:\windows\system32\CTHELPER.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"DAEMON Tools"="c:\programme\DAEMON Tools\daemon.exe" -lang 1033
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Programme\\Messenger\\Msmsgs.exe"=

"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"=

"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Programme\\Valve\\hl.exe"=

"c:\\Programme\\Valve\\hlds.exe"=

"e:\\Programme\\Azureus\\Azureus.exe"=

"c:\\Programme\\Vuze\\Azureus.exe"=

"c:\\Programme\\ICQ\\Icq.exe"=

"c:\\Dokumente und Einstellungen\\Rashtagul\\Desktop\\Wiesseraldeer\\Weisseradler-Script 1.071\\mirc.exe"=

"c:\\Programme\\ICQ7.1\\ICQ.exe"=

"c:\\Programme\\ICQ7.1\\aolload.exe"=

"d:\\Warcraft III\\Warcraft III.exe"=

"c:\\Programme\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)
 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programme\Trust\Trust R-Series Mouse\KMWDSrv.exe [09.06.2007 00:23 208896]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472]

R3 SAA7146n;TT DVB-PCI driver (SAA7146n);c:\windows\system32\drivers\saa7146n.sys [13.09.2004 11:13 65840]

R3 TTLOOPHE;Virtual DVB-S/-C/-T Network Adapter Driver;c:\windows\system32\drivers\ttloophe.sys [08.11.2004 19:44 39284]

S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\DRIVERS\SMCWGU.sys --> c:\windows\system32\DRIVERS\SMCWGU.sys [?]

S3 TT7146KS;TechnoTrend SAA7146 Capture (WDM);c:\windows\system32\drivers\TT7146KS.sys [23.05.2005 09:48 80384]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.01.2006 14:37 717296]

.

Inhalt des "geplante Tasks" Ordners
 

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1078145449-839522115-1003Core.job

- c:\dokumente und einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-04-08 16:32]
 

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1078145449-839522115-1003UA.job

- c:\dokumente und einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-04-08 16:32]
 

2010-10-06 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 20:18]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Read with DeskBot

IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\programme\ICQ7.1\ICQ.exe

IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG12.00.00.01PROFESSIONAL"="047037BEE49DFDC56081B5D37F04533E678ED497F2895DAED44108DC37658F6F047287395140D8FCA6053B460C7BD1E60F13332EC8C1FC84FE6AB50FDF6F9F0094DBD4AD0C4621AEC0D01FF26BEDFAB54BC054388BD03D0A67FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794A6A0AC4980AC7933D110DD2C68822E4AB052AC59E86111D572DCA51CC65EC2FE11C00F2071D33F396BB1DEDA0A55E138323E879A38B75305A41C17264C1F5D269B7EACE73724F9D2E58934304B06443EF7417801D36EA8EB649D05EFF63E7213AB9ED40FED79A59BD57AD1700331A11CE1D72AB26F081F7AFE176C9FF6CBF70A9BAD785BE08B3945420D40223C559894C4A4D91573F09CA5B564609EB0B8B44EBBDE20D714760607296C9A1134589AEFE9E958567A75D7653F0206193C5C47AA4E0A66D1BA382B1CF8E8134B5F0371F88F918B66D3465D374612980067F09F6C0AAAFB5CBFB421C296F5EBA5E180B400E4296BF883798C1CE75B660BB19402E59ADD224DC0B4AEBDD92CFE3518E1555810E18606C1889817B74651AF4FC988EB1FE7323E8EE173D30EC6B758909C155A2A0FFDCAF8CF8AB1B86150AE29761FD8A9AF160E2FCC60CE73A7162A8B870AE1BF2B864649123DF8675EEC86DCE5860942BECDDD5C683C7E3F4F309082DE21CCD1D26A3C86F360FDB11445FC39C554DFE3C5EB15038A9FB518E7AB321E44177FD545053737FE78D378FA0C9BC32970C17C9698DD4471F8C91ABDC6793EBB00E3B4694A0017A1DB1592B287303507971970A88E25763B8A95D6BED19674AD42E14BC73D29962B375D4AFA124A79B75AD316951D1DA36B6979D001307C07E5986CE90DF78658530C4C5C3C99C032FA2062381EA7BC08E80055003B5961F19511F4578927B03431AB87FB7E212BB1F31D3B1624A4BE17FE8A13D1485BC0615010F3CAB28D023644BD38CF6F3EE78228E1D763AE219FF3DD1C1B252AD65ABA8FCA6573A1FE1B1DEB400B6FE21B97DF014EB546E8BA2379199ADBCD04FD3191AE4DC87013E561DC6F01AF6B4DF61F3CCE1656DAA2A54EB4A6BF49149D990CB26E75215767BEFC1D77A55B44C823A83AC24240AE4C29EBE76498D9B4E287F61C7375F5B0A31B58B7912446F09306A0B2F3B0FBC5FD1F8A080F07075F6336BFFE4756D4FA7120A53FAD492ED90F1A3733DA919896F279FABE4BC25038D32B7A44D370CAA51E8757F4A333D1DFC16DE37BD8E9278C8A39D36921D239D60BFD7E846BF36E16191EA651ABD8F852D4235D7FAE913C074676EF1A7A16464786DB668EC0E3D4A678458FFEE2FEE87897F023680337F2D7CE5C6D9528BD0509648491E56E151A237372D1DE4CC2EF0CF92174136159"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'explorer.exe'(4508)

c:\programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll

c:\windows\system32\webcheck.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\brss01a.exe

c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe

c:\windows\System32\CTsvcCDA.exe

c:\programme\Cisco Systems\VPN Client\cvpnd.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Trust\Trust R-Series Mouse\KMConfig.exe

c:\windows\system32\nvsvc32.exe

c:\programme\Trust\Trust R-Series Mouse\KMProcess.exe

c:\programme\OO Software\Defrag\oodag.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\wdfmgr.exe

c:\windows\System32\MsPMSPSv.exe

c:\programme\Canon\CAL\CALMAIN.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-10-06  18:21:54 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-10-06 16:21

ComboFix2.txt  2010-10-05 23:44
 

Vor Suchlauf: 8.830.504.960 Bytes frei

Nach Suchlauf: 9.239.429.120 Bytes frei
 

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 41B97140B816EEFF3A7B05831EB807D6

--- --- ---

Zitat:

c:\windows\system32\drivers\ISwift3.dat

Diese Datei halte ich für höchst dubios.
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Hallo,

leider war ich die die letzte Woche nicht anwesend, ich hoffe dass wir dennoch weiter an dem Problem arbeiten könnten. Leider hat der OSAM online Scan nicht funktioniert:

[Code]

GMER Logfile:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net

Rootkit scan 2010-10-14 19:45:17

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOKUME~1\RASHTA~1\LOKALE~1\Temp\pxtdrpog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwAdjustPrivilegesToken [0xF04E336E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwClose [0xF04E3A86]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwConnectPort [0xF04E460C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateEvent [0xF04E4B40]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateFile [0xF04E3D78]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateKey [0xF04E2460]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateMutant [0xF04E4A18]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateNamedPipeFile [0xF04E1D0A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreatePort [0xF04E48D4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateSection [0xF04E3102]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateSemaphore [0xF04E4C72]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateSymbolicLinkObject [0xF04E640E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateThread [0xF04E3886]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwCreateWaitablePort [0xF04E4976]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwDeleteKey [0xF04E2A20]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwDeleteValueKey [0xF04E2CF8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwDeviceIoControlFile [0xF04E421C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwDuplicateObject [0xF04E6980]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwEnumerateKey [0xF04E2E3A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwEnumerateValueKey [0xF04E2EE4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwFsControlFile [0xF04E4016]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwLoadDriver [0xF04E5EA6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwLoadKey [0xF04E243C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwLoadKey2 [0xF04E244E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwNotifyChangeKey [0xF04E3030]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwOpenEvent [0xF04E4BE2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwOpenFile [0xF04E3B08]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwOpenKey [0xF04E2604]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwOpenMutant [0xF04E4AB0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwOpenProcess [0xF04E356E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwOpenSection [0xF04E6438]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwOpenSemaphore [0xF04E4D14]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwOpenThread [0xF04E3492]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwQueryKey [0xF04E2F8E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwQueryMultipleValueKey [0xF04E2BB6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwQueryValueKey [0xF04E28BC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwQueueApcThread [0xF04E6128]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwRenameKey [0xF04E2B34]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwReplaceKey [0xF04E20C2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwReplyPort [0xF04E509E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwReplyWaitReceivePort [0xF04E4F64]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwRequestWaitReplyPort [0xF04E5C30]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwRestoreKey [0xF04E2224]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwResumeThread [0xF04E6860]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSaveKey [0xF04E1EC4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSecureConnectPort [0xF04E4312]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSetContextThread [0xF04E3984]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSetInformationToken [0xF04E55F2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSetSecurityObject [0xF04E5FA0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSetSystemInformation [0xF04E64C2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSetValueKey [0xF04E2744]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSuspendProcess [0xF04E65A6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSuspendThread [0xF04E66D2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwSystemDebugControl [0xF04E5DD2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwTerminateProcess [0xF04E36EA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwTerminateThread [0xF04E363C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 ZwWriteVirtualMemory [0xF04E37C8]
 

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 FsRtlCheckLockForReadAccess

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                 IoIsOperationSynchronous
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntoskrnl.exe!_abnormal_termination + 114                                                                                              804E2780 16 Bytes  [02, 31, 4E, F0, 72, 4C, 4E, ...]

.text           ntoskrnl.exe!_abnormal_termination + 1D0                                                                                              804E283C 12 Bytes  [A6, 5E, 4E, F0, 3C, 24, 4E, ...]

.text           ntoskrnl.exe!_abnormal_termination + 34C                                                                                              804E29B8 16 Bytes  [34, 2B, 4E, F0, C2, 20, 4E, ...]

.text           ntoskrnl.exe!_abnormal_termination + 440                                                                                              804E2AAC 12 Bytes  [A6, 65, 4E, F0, D2, 66, 4E, ...]

.text           ntoskrnl.exe!_abnormal_termination + 450                                                                                              804E2ABC 8 Bytes  JMP 3CF04E36 

.text           ntoskrnl.exe!IoIsOperationSynchronous                                                                                                 804E876A 5 Bytes  JMP F04D87DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)

.text           ntoskrnl.exe!FsRtlCheckLockForReadAccess                                                                                              80512959 5 Bytes  JMP F04D8424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                              section is writeable [0xF62F8360, 0x240F7E, 0xE8000020]
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice]                                                                   [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                                               [F6DEFD50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice]                                                                   [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                               [F6DEFD50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice]                                                                     [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice]                                                                 [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice]                                                                   [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice]                                                                  [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice]                                                                    [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice]                                                                   [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice]                                                                  [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\system32\DRIVERS\usbccgp.sys[NTOSKRNL.EXE!IoCreateDevice]                                                                 [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice]                                                                [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\system32\DRIVERS\usbprint.sys[ntoskrnl.exe!IoCreateDevice]                                                                [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\USBSTOR.SYS[ntoskrnl.exe!IoCreateDevice]                                                                 [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice]                                                                  [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice]                                                                 [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\Drivers\Udfs.SYS[ntoskrnl.exe!IoCreateDevice]                                                                    [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice]                                                                 [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice]                                                                  [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice]                                                                [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice]                                                                    [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice]                                                                  [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice]                                                                    [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice]                                                                     [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice]                                                                  [F6DEFC00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\WINDOWS\Explorer.EXE[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                              [00CB2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\Explorer.EXE[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                     [00CB2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\Explorer.EXE[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                   [00CB2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\Explorer.EXE[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                         [00CB2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\system32\wuauclt.exe[2400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                     [00A22EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\system32\wuauclt.exe[2400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                            [00A22C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\system32\wuauclt.exe[2400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                          [00A22C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\system32\wuauclt.exe[2400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                [00A22C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\Dokumente und Einstellungen\Rashtagul\Desktop\gmer.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]           [00802EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\Dokumente und Einstellungen\Rashtagul\Desktop\gmer.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [00802C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\Dokumente und Einstellungen\Rashtagul\Desktop\gmer.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                [00802C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\Dokumente und Einstellungen\Rashtagul\Desktop\gmer.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]      [00802C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                           kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                   0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                0x15 0xC2 0x3E 0x0C ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                   C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                             

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                       0xA6 0x5C 0x28 0x8D ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                          0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                       

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                 0x85 0xA3 0x00 0xED ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                                       

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                 0x80 0xF4 0xF8 0x29 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                  

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                       C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                       0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                    0x0F 0xB1 0xE9 0xD2 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                         

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                           0x5B 0x10 0xE6 0xA2 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                   

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                     0xAB 0x7C 0x2A 0xDD ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                  

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                       0

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                    0x15 0xC2 0x3E 0x0C ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                       C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                         

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                           0xA6 0x5C 0x28 0x8D ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                   

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                     0x85 0xA3 0x00 0xED ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)                   

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                     0x80 0xF4 0xF8 0x29 ...

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                  

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                       0

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                    0x15 0xC2 0x3E 0x0C ...

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                       C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                         

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                           0xA6 0x5C 0x28 0x8D ...

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                   

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                     0x85 0xA3 0x00 0xED ...

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)                   

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                     0x80 0xF4 0xF8 0x29 ...

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                 

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL                                                 047037BEE49DFDC56081B5D37F04533E678ED497F2895DAED44108DC37658F6F047287395140D8FCA6053B460C7BD1E60F13332EC8C1FC84FE6AB50FDF6F9F0094DBD4AD0C4621AEC0D01FF26BEDFAB54BC054388BD03D0A67FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794A6A0AC4980AC7933D110DD2C68822E4AB052AC59E86111D572DCA51CC65EC2FE11C00F2071D33F396BB1DEDA0A55E138323E879A38B75305A41C17264C1F5D269B7EACE73724F9D2E58934304B06443EF7417801D36EA8EB649D05EFF63E7213AB9ED40FED79A59BD57AD1700331A11CE1D72AB26F081F7AFE176C9FF6CBF70A9BAD785BE08B3945420D40223C559894C4A4D91573F09CA5B564609EB0B8B44EBBDE20D714760607296C9A1134589AEFE9E958567A75D7653F0206193C5C47AA4E0A66D1BA382B1CF8E8134B5F0371F88F918B66D3465D374612980067F09F6C0AAAFB5CBFB421C296F5EBA5E180B400E4296BF883798C1CE75B660BB19402E59ADD224DC0B4AEBDD92CFE3518E1555810E18606C1889817B74651AF4FC988EB1FE7323E8EE173D30EC6B758909C155A2A0FFDCAF8CF8AB1B86150AE29761FD8A9AF160E2FCC60CE73A7162A8B870AE1BF2B864649123DF8675EEC86DCE58
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Code:



OSAM Logfile:
 

        Code:


        
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 16:31:25 on 15.10.2010
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Google Inc. Google Chrome 0.0.0.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskUserS-1-5-21-1229272821-1078145449-839522115-1003Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-1229272821-1078145449-839522115-1003UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

"WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"AudioHQU.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\AudioHQU.cpl

"CTDetect.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\CTDetect.cpl

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"speech.cpl" - "Microsoft" - C:\WINDOWS\system32\speech.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl

"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL

"WebSpeech" - "G DATA Software AG" - C:\PROGRA~1\GEMEIN~1\WEBSPE~1.0\LgxIEControl.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASPI32" (ASPI32) - "Adaptec" - C:\WINDOWS\system32\drivers\ASPI32.sys

"Brother USB Still Image driver" (BrScnUsb) - "Brother Industries Ltd." - C:\WINDOWS\System32\Drivers\BrScnUsb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\RASHTA~1\LOKALE~1\Temp\catchme.sys  (File not found)

"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsdrv.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

"Creative AC3 Software Decoder" (ctac32k) - "Creative Technology Ltd" - C:\WINDOWS\System32\drivers\ctac32k.sys

"Creative Audio Driver (WDM)" (ctaud2k) - "Creative Technology Ltd" - C:\WINDOWS\System32\drivers\ctaud2k.sys

"Creative Hardware Abstract Layer Driver" (ha10kx2k) - "Creative Technology Ltd" - C:\WINDOWS\System32\drivers\ha10kx2k.sys

"Creative OS Services Driver" (ossrv) - "Creative Technology Ltd." - C:\WINDOWS\System32\drivers\ctoss2k.sys

"Creative Proxy Driver" (ctprxy2k) - "Creative Technology Ltd" - C:\WINDOWS\System32\drivers\ctprxy2k.sys

"Creative SoundFont Management Device Driver" (ctsfm2k) - "Creative Technology Ltd" - C:\WINDOWS\System32\drivers\ctsfm2k.sys

"dtscsi" (dtscsi) - ? - C:\WINDOWS\System32\Drivers\dtscsi.sys  (File not found)

"E-mu Plug-in Architecture Driver" (emupia) - "Creative Technology Ltd" - C:\WINDOWS\System32\drivers\emupia2k.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"Kl1" (kl1) - "Kaspersky Lab" - C:\WINDOWS\System32\drivers\kl1.sys

"KMWDFilter" (KMWDFilter) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\System32\Drivers\KMWDFilter.SYS

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"Logitech QuickCam IM(PID_PEPI)" (PID_PEPI) - "Logitech Inc." - C:\WINDOWS\System32\DRIVERS\LV302V32.SYS

"Logitech USB Monitor Filter" (LVUSBSta) - "Logitech Inc." - C:\WINDOWS\System32\drivers\LVUSBSta.sys

"Net MD" (NETMDUSB) - "Sony Corporation" - C:\WINDOWS\System32\Drivers\NETMD033.sys

"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PfModNT" (PfModNT) - "Creative Technology Ltd." - C:\WINDOWS\system32\PfModNT.sys

"PnkBstrK" (PnkBstrK) - ? - C:\WINDOWS\system32\drivers\PnkBstrK.sys  (File found, but it contains no detailed information)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC)" (SMCWGU(SMC)) - ? - C:\WINDOWS\System32\DRIVERS\SMCWGU.sys  (File not found)

"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys

"TechnoTrend SAA7146 Capture (WDM)" (TT7146KS) - "TechnoTrend AG" - C:\WINDOWS\System32\DRIVERS\TT7146KS.sys

"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys

"TT DVB-PCI driver (SAA7146n)" (SAA7146n) - "TechnoTrend AG" - C:\WINDOWS\System32\DRIVERS\saa7146n.sys

"Virtual DVB-S/-C/-T Network Adapter Driver" (TTLOOPHE) - "TechnoTrend AG" - C:\WINDOWS\System32\DRIVERS\ttloophe.sys

"Volume Adapter" (pepifilter) - "Logitech Inc." - C:\WINDOWS\System32\DRIVERS\lv302af.sys

"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"WinTV HVR-900" (USB28xxBGA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emBDA.sys

"WinTV OEM Filter" (USB28xxOEM) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emOEM.sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "OODShellExtObj Class" - "O&O Software GmbH" - C:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{2D9700CB-A777-4DB0-96E1-1EBEBB7D1510} "WebSpeech Reader" - "G DATA Software AG" - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll

{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

{D00E9550-440D-4EF8-BFCE-174300890C05} "{D00E9550-440D-4EF8-BFCE-174300890C05}" - ? -   (File not found | COM-object registry key not found) / hxxp://www.gomusic.ru/cabs/xdownloader.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtual keyboard" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

"@C:\Programme\Messenger\Msgslang.dll,-61144" - "Microsoft Corporation" - C:\Programme\Messenger\msmsgs.exe

"ICQ Pro" - "ICQ Inc." - C:\PROGRA~1\ICQ\ICQ.exe

"ICQ7.1" - "ICQ, LLC." - C:\Programme\ICQ7.1\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

{CCF151D8-D089-449F-A5A4-D9909053F20F} "URLs c&heck" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

{0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} "WebSpeech" - "G DATA Software AG" - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

{E5A1691B-D188-4419-AD02-90002030B8EE} "FlashFXP Helper for Internet Explorer" - "IniCom Networks, Inc." - C:\Programme\FlashFXP\IEFlash.dll

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{83A30C59-3A50-49E6-9DAF-4923C4EA3C23} "WebSpeechBHO Class" - "G DATA Software AG" - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Status Monitor.lnk" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Rashtagul\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\Rashtagul\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avp" - "Kaspersky Lab" - "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

"ControlCenter2.0" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun

"FinePrint Dispatcher v5" - "FinePrint Software, LLC" - "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM

"KMCONFIG" - "UASSOFT.COM" - C:\Programme\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"SetDefPrt" - "Brother Industories, Ltd." - C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"FPR5:" - "FinePrint Software, LLC" - C:\WINDOWS\system32\fpmon5.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

"PDF995 Monitor" - ? - C:\WINDOWS\system32\pdf995mon.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"BrSplService" (Brother XP spl Service) - "brother Industries Ltd" - C:\WINDOWS\system32\brsvc01a.exe

"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

"Creative Service for CDROM Access" (Creative Service for CDROM Access) - "Creative Technology Ltd" - C:\WINDOWS\System32\CTsvcCDA.exe

"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_HelperSvc.exe

"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Kaspersky Internet Security" (AVP) - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

"Keyboard And Mouse Communication Service" (KMWDSERVICE) - "UASSOFT.COM" - C:\Programme\Trust\Trust R-Series Mouse\KMWDSrv.exe

"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe

"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe

"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\Programme\OO Software\Defrag\oodag.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe  (File found, but it contains no detailed information)

"Process Monitor" (LVPrcSrv) - "Logitech Inc." - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe

"SiSoftware Database Agent Service" (SandraDataSrv) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe

"SiSoftware Sandra Agent Service" (SandraTheSrv) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"WMDM PMSP Service" (WMDM PMSP Service) - "Microsoft Corporation" - C:\WINDOWS\System32\MsPMSPSv.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"klogon" - "Kaspersky Lab" - C:\WINDOWS\system32\klogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

 
--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows XP Professional

Windows Information:                Service Pack 3 (build 2600)

Logical Drives Mask:                0x0000057d
 

Kernel Drivers (total 142):

  0x804D7000 \WINDOWS\system32\ntoskrnl.exe

  0x806EF000 \WINDOWS\system32\hal.dll

  0xF79AE000 \WINDOWS\system32\KDCOM.DLL

  0xF78BE000 \WINDOWS\system32\BOOTVID.dll

  0xF745E000 ACPI.sys

  0xF79B0000 \WINDOWS\System32\DRIVERS\WMILIB.SYS

  0xF744D000 pci.sys

  0xF74AE000 isapnp.sys

  0xF74BE000 ohci1394.sys

  0xF74CE000 \WINDOWS\System32\DRIVERS\1394BUS.SYS

  0xF79B2000 intelide.sys

  0xF772E000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

  0xF74DE000 MountMgr.sys

  0xF742E000 ftdisk.sys

  0xF79B4000 dmload.sys

  0xF7408000 dmio.sys

  0xF7736000 PartMgr.sys

  0xF74EE000 VolSnap.sys

  0xF73F0000 atapi.sys

  0xF74FE000 disk.sys

  0xF750E000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

  0xF73D0000 fltmgr.sys

  0xF73BE000 sr.sys

  0xF751E000 klbg.sys

  0xF752E000 PxHelp20.sys

  0xF73A7000 KSecDD.sys

  0xF731A000 Ntfs.sys

  0xF72ED000 NDIS.sys

  0xF72D3000 Mup.sys

  0xF6DB3000 kl1.sys

  0xF773E000 \WINDOWS\system32\drivers\TDI.SYS

  0xF753E000 agp440.sys

  0xF5D9F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

  0xF5D8B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

  0xF76DE000 \SystemRoot\system32\DRIVERS\saa7146n.sys

  0xF3C5F000 \SystemRoot\system32\drivers\ctaud2k.sys

  0xF3C3B000 \SystemRoot\system32\drivers\portcls.sys

  0xF67E9000 \SystemRoot\system32\drivers\drmk.sys

  0xF3C18000 \SystemRoot\system32\drivers\ks.sys

  0xF3BFF000 \SystemRoot\system32\drivers\ctoss2k.sys

  0xF79F0000 \SystemRoot\System32\drivers\ctprxy2k.sys

  0xF6D6F000 \SystemRoot\System32\DRIVERS\gameenum.sys

  0xF77DE000 \SystemRoot\System32\DRIVERS\RTL8139.SYS

  0xF6819000 \SystemRoot\system32\DRIVERS\imapi.sys

  0xF75CE000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS

  0xF3764000 \SystemRoot\System32\DRIVERS\cdrom.sys

  0xF3754000 \SystemRoot\System32\DRIVERS\redbook.sys

  0xF77FE000 \SystemRoot\System32\DRIVERS\usbuhci.sys

  0xF31EB000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

  0xF7836000 \SystemRoot\System32\DRIVERS\fdc.sys

  0xF3744000 \SystemRoot\System32\DRIVERS\serial.sys

  0xF617A000 \SystemRoot\System32\DRIVERS\serenum.sys

  0xF31D7000 \SystemRoot\System32\DRIVERS\parport.sys

  0xF3734000 \SystemRoot\System32\DRIVERS\i8042prt.sys

  0xF781E000 \SystemRoot\System32\DRIVERS\kbdclass.sys

  0xF7BD7000 \SystemRoot\system32\drivers\msmpu401.sys

  0xF31B9000 \SystemRoot\system32\DRIVERS\dne2000.sys

  0xF3704000 \SystemRoot\system32\DRIVERS\klim5.sys

  0xF7BC5000 \SystemRoot\System32\DRIVERS\audstub.sys

  0xF75FE000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

  0xF6176000 \SystemRoot\System32\DRIVERS\ndistapi.sys

  0xF31A2000 \SystemRoot\System32\DRIVERS\ndiswan.sys

  0xF75DE000 \SystemRoot\System32\DRIVERS\raspppoe.sys

  0xF771E000 \SystemRoot\System32\DRIVERS\raspptp.sys

  0xF3191000 \SystemRoot\System32\DRIVERS\psched.sys

  0xF757E000 \SystemRoot\System32\DRIVERS\msgpc.sys

  0xF7806000 \SystemRoot\System32\DRIVERS\ptilink.sys

  0xF77EE000 \SystemRoot\System32\DRIVERS\raspti.sys

  0xF780E000 \SystemRoot\system32\DRIVERS\ttloophe.sys

  0xF3161000 \SystemRoot\System32\DRIVERS\rdpdr.sys

  0xF758E000 \SystemRoot\System32\DRIVERS\termdd.sys

  0xF7826000 \SystemRoot\System32\DRIVERS\mouclass.sys

  0xF7A10000 \SystemRoot\System32\DRIVERS\swenum.sys

  0xF3103000 \SystemRoot\System32\DRIVERS\update.sys

  0xF615E000 \SystemRoot\System32\DRIVERS\mssmbios.sys

  0xF75EE000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0xF1F5D000 \SystemRoot\system32\drivers\ha10kx2k.sys

  0xF1F48000 \SystemRoot\System32\drivers\ctac32k.sys

  0xF1F2F000 \SystemRoot\System32\drivers\emupia2k.sys

  0xF1F10000 \SystemRoot\System32\drivers\ctsfm2k.sys

  0xF76CE000 \SystemRoot\System32\DRIVERS\usbhub.sys

  0xF7A32000 \SystemRoot\System32\DRIVERS\USBD.SYS

  0xF77F6000 \SystemRoot\System32\DRIVERS\flpydisk.sys

  0xF1EC2000 \SystemRoot\system32\DRIVERS\klif.sys

  0xF7A2A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0xF7BE6000 \SystemRoot\System32\Drivers\Null.SYS

  0xF7A34000 \SystemRoot\System32\Drivers\Beep.SYS

  0xF784E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0xF7856000 \SystemRoot\System32\drivers\vga.sys

  0xF7A36000 \SystemRoot\System32\Drivers\mnmdd.SYS

  0xF7A3A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0xF785E000 \SystemRoot\System32\Drivers\Msfs.SYS

  0xF786E000 \SystemRoot\System32\Drivers\Npfs.SYS

  0xF6D87000 \SystemRoot\System32\DRIVERS\rasacd.sys

  0xF1E8F000 \SystemRoot\System32\DRIVERS\ipsec.sys

  0xF1E0E000 \SystemRoot\System32\DRIVERS\tcpip.sys

  0xF1DE6000 \SystemRoot\System32\DRIVERS\netbt.sys

  0xF1DC4000 \SystemRoot\System32\drivers\afd.sys

  0xF75BE000 \SystemRoot\System32\DRIVERS\netbios.sys

  0xF7876000 \SystemRoot\System32\Drivers\StarOpen.SYS

  0xF1D97000 \SystemRoot\System32\drivers\truecrypt.sys

  0xF1D6C000 \SystemRoot\System32\DRIVERS\rdbss.sys

  0xF1CD4000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

  0xF75AE000 \SystemRoot\System32\Drivers\Fips.SYS

  0xF1CAE000 \SystemRoot\System32\DRIVERS\ipnat.sys

  0xF1C5C000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys

  0xF6D6B000 \SystemRoot\System32\Drivers\ASPI32.SYS

  0xF764E000 \SystemRoot\System32\DRIVERS\wanarp.sys

  0xF7866000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0xF787E000 \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS

  0xF797E000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0xF67F9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0xF7886000 \SystemRoot\system32\DRIVERS\usbprint.sys

  0xF76BE000 \SystemRoot\system32\drivers\LVUSBSta.sys

  0xF322B000 \SystemRoot\System32\Drivers\BrScnUsb.sys

  0xF77BE000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS

  0xF3227000 \SystemRoot\System32\DRIVERS\mouhid.sys

  0xF67B9000 \SystemRoot\system32\DRIVERS\klmouflt.sys

  0xF1C38000 \SystemRoot\System32\Drivers\Fastfat.SYS

  0xF1BFF000 \SystemRoot\System32\Drivers\Udfs.SYS

  0xF1BE7000 \SystemRoot\System32\Drivers\dump_atapi.sys

  0xF7A44000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

  0xBF800000 \SystemRoot\System32\win32k.sys

  0xF1E87000 \SystemRoot\System32\drivers\Dxapi.sys

  0xF775E000 \SystemRoot\System32\watchdog.sys

  0xBF000000 \SystemRoot\System32\drivers\dxg.sys

  0xF7B35000 \SystemRoot\System32\drivers\dxgthk.sys

  0xBF012000 \SystemRoot\System32\nv4_disp.dll

  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

  0xBA5F0000 \SystemRoot\System32\DRIVERS\ndisuio.sys

  0xB9CAB000 \SystemRoot\system32\drivers\wdmaud.sys

  0xF0BA7000 \SystemRoot\system32\drivers\sysaudio.sys

  0xF3714000 \SystemRoot\System32\Drivers\Cdfs.SYS

  0xB99C2000 \SystemRoot\System32\DRIVERS\mrxdav.sys

  0xF7A1A000 \SystemRoot\System32\Drivers\ParVdm.SYS

  0xB981A000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

  0xB97B1000 \SystemRoot\System32\Drivers\HTTP.sys

  0xB9691000 \SystemRoot\System32\DRIVERS\srv.sys

  0xF79C4000 \??\C:\WINDOWS\system32\PfModNT.sys

  0xB96F9000 \SystemRoot\System32\DRIVERS\secdrv.sys

  0xF7846000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys

  0x7C910000 \WINDOWS\system32\ntdll.dll
 

Processes (total 40):

       0 System Idle Process

       4 System

    1724 C:\WINDOWS\system32\smss.exe

    1944 csrss.exe

    1984 C:\WINDOWS\system32\winlogon.exe

    2032 C:\WINDOWS\system32\services.exe

    2044 C:\WINDOWS\system32\lsass.exe

     384 C:\WINDOWS\system32\svchost.exe

     472 svchost.exe

    1068 C:\WINDOWS\system32\svchost.exe

    1232 svchost.exe

    1932 svchost.exe

    1936 C:\WINDOWS\explorer.exe

     604 C:\WINDOWS\system32\brsvc01a.exe

     652 C:\WINDOWS\system32\brss01a.exe

     660 C:\WINDOWS\system32\spoolsv.exe

     700 C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe

     992 C:\Programme\Brother\ControlCenter2\brctrcen.exe

    1048 C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe

    1056 C:\Programme\Trust\Trust R-Series Mouse\StartAutorun.exe

    1228 C:\Programme\Trust\Trust R-Series Mouse\KMCONFIG.exe

    1304 C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe

    1032 svchost.exe

    1360 C:\Programme\Trust\Trust R-Series Mouse\KMProcess.exe

     536 C:\WINDOWS\system32\CTSVCCDA.EXE

     904 C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

    1128 C:\Programme\Java\jre6\bin\jqs.exe

     780 C:\Programme\Brother\Brmfcmon\BrMfcMon.exe

     760 C:\Programme\Trust\Trust R-Series Mouse\KMWDSrv.exe

     956 C:\Programme\OO Software\Defrag\oodag.exe

     856 C:\WINDOWS\system32\PnkBstrA.exe

    1224 C:\WINDOWS\system32\PnkBstrB.exe

    1528 C:\WINDOWS\system32\svchost.exe

    1688 wdfmgr.exe

     480 C:\WINDOWS\system32\MsPMSPSv.exe

    3316 C:\Programme\Canon\CAL\CALMAIN.exe

    2264 alg.exe

     268 C:\WINDOWS\system32\svchost.exe

    1572 C:\Dokumente und Einstellungen\Rashtagul\Desktop\MBRCheck.exe

    3104 C:\WINDOWS\system32\notepad.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`50a67e00  (NTFS)

\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000011`2070dc00  (FAT32)
 

PhysicalDrive0 Model Number: ST380020A, Rev: 3.39    

PhysicalDrive1 Model Number: SAMSUNGSV1204H, Rev: RK100-12
 

      Size  Device Name          MBR Status

  --------------------------------------------

     74 GB  \\.\PhysicalDrive0   Windows XP MBR code detected

            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

    111 GB  \\.\PhysicalDrive1   Windows XP MBR code detected

            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
 
 

Done!

Sieht ok aus. Die Online-DB von OSAM ist unwichtig, die brauch ich eh nicht. Mich interessiert nur das reine Log.
Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Also zur Zeit habe ich nichts finden können, ich lasse nochmals den SuperantiSpyware laufen, aber vielen Dank schonmal für die ganze Mühe!