Trojaner-Board - Gozi-Befall wurde mir durch meine Bank gemeldet

Hallo und guten Abend,
das Problem scheint ja bereits mehrmals aufgetreten zu sein: vor Kurzem wurde mir mein Online-Banking Account gesperrt. Begründung: Mein Rechner soll laut der Bank von dem Trojaner Gozi befallen sein.

Als Virusschutz verwende ich AntiVir und Windows-Defender, die beide nichts gemeldet haben.

Entsprechend eurer Anleitung habe ich die verschiedenen Scans durchgeführt, Ergebnisse siehe unten. Es hat alles gut funktioniert, zwei Abweichungen gab es von dem Prozedere, dass dort beschrieben wird:
(1) Defogger hat mich nicht zum Neustart aufgefordert
(2) Nach dem OTL-Scan wurde keine Datei "Extras.txt" erstellt, dafür aber eine "Scan.txt" Ich gehe mal davon aus, dass dies die gewünscht Datei ist...

Ich würde mich sehr über eure Hilfe freuen! Schonmal vielen Dank im Vorraus,
freundliche Grüße
JoChan

So, und hier nun die Logfiles

(1) Logfile von Malwarebytes:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5233

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02.12.2010 17:41:46
mbam-log-2010-12-02 (17-41-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140363
Laufzeit: 5 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Admin\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.

(2) defogger_disable log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:45 on 02/12/2010 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read SafeBoot.sys

-=E.O.F=-

(3) Gmer.txt:
GMER Logfile:

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net

Rootkit scan 2010-12-02 19:31:07

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C

Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxldykog.sys

 

 

---- Kernel code sections - GMER 1.0.15 ----

 

? C:\windows\System32\Drivers\SafeBoot.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9BC0A000, 0x1FB97A, 0xE8000020]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program Files\Mozilla Firefox\firefox.exe[4900] ntdll.dll!LdrLoadDll 77209390 5 Bytes JMP 00D013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218677c630 

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218677c630@00039d308030 0x6A 0x51 0x0E 0x94 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218677c630@00219e411bb2 0xAA 0x49 0x07 0xAC ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218677c630 (not active ControlSet) 

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218677c630@00039d308030 0x6A 0x51 0x0E 0x94 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218677c630@00219e411bb2 0xAA 0x49 0x07 0xAC ...

 

---- EOF - GMER 1.0.15 ----

--- --- ---

(4) OTL.txt:OTL Logfile:

Code:

OTL logfile created on: 02.12.2010 19:33:33 - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 288,09 Gb Total Space | 169,34 Gb Free Space | 58,78% Space Free | Partition Type: NTFS

Drive D: | 7,90 Gb Total Space | 0,99 Gb Free Space | 12,57% Space Free | Partition Type: NTFS

Drive F: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

 

Computer Name: ***-LAPTOP | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2010.12.02 17:25:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe

PRC - [2010.11.19 18:52:06 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.11.19 18:52:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.11.19 18:52:05 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.09.25 19:21:41 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009.03.24 03:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008.06.02 18:57:40 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

PRC - [2008.06.02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

PRC - [2008.05.30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe

PRC - [2008.05.14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe

PRC - [2008.05.14 18:54:36 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe

PRC - [2008.03.31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe

PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\acevents.exe

PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.12.02 17:25:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe

MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

MOD - [2009.09.25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll

MOD - [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll

MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll

MOD - [2009.04.11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll

MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll

MOD - [2008.03.25 13:17:04 | 000,076,048 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll

MOD - [2008.01.21 03:34:51 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll

MOD - [2008.01.21 03:34:44 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll

MOD - [2008.01.21 03:33:21 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2010.11.19 18:52:06 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.11.19 18:52:05 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.09.25 19:21:41 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)

SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009.09.23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)

SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008.06.02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)

SRV - [2008.05.30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)

SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)

SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)

SRV - [2008.05.14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)

SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2010.11.23 17:40:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.11.19 18:52:06 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010.09.23 16:11:09 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)

DRV - [2010.09.23 16:10:00 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2010.09.23 16:10:00 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)

DRV - [2010.06.04 01:18:58 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.03.27 05:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.05.30 17:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)

DRV - [2008.05.30 17:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2008.05.30 17:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)

DRV - [2008.05.30 17:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2008.05.28 13:27:42 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)

DRV - [2008.05.28 13:27:40 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)

DRV - [2008.05.28 13:27:40 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)

DRV - [2008.05.21 11:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2008.04.07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV - [2008.04.07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2008.04.03 22:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)

DRV - [2008.03.21 19:35:24 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2008.01.21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008.01.21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008.01.21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008.01.21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008.01.21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2008.01.21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008.01.21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008.01.21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008.01.21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008.01.21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)

DRV - [2008.01.21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008.01.21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008.01.21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008.01.21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008.01.21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)

DRV - [2008.01.21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008.01.21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008.01.21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008.01.21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008.01.21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008.01.21 03:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2008.01.21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008.01.21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008.01.21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007.11.02 13:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)

DRV - [2007.11.02 13:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)

DRV - [2007.11.02 13:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)

DRV - [2007.11.02 13:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)

DRV - [2007.11.02 13:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)

DRV - [2007.11.02 12:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)

DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)

DRV - [2004.02.04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 48

FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.1

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 22:24:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 22:24:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.01 13:59:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010.02.15 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

[2010.02.15 15:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.12.02 16:33:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions

[2010.06.25 12:52:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.02.15 15:05:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010.11.24 21:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010.11.27 18:14:16 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2010.02.15 15:05:32 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010.06.29 18:30:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.06.26 09:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.06.26 09:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.06.26 09:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.06.26 09:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.06.26 09:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)

O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [cmstnlpa] C:\Users\Admin\AppData\Local\Temp\cmdcopy.DLL File not found

O4 - HKCU..\Run: [Wallpaper4U] C:\Program Files\Wallpaper4U\Wallpaper4U.exe (blppSoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.102.20.20

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7a5fab6d-d21d-11de-9439-00218677c630}\Shell - "" = AutoRun

O33 - MountPoints2\{7a5fab6d-d21d-11de-9439-00218677c630}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\{93d9f708-961b-11de-9045-00218677c630}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found

O33 - MountPoints2\{f63a37be-1ebd-11de-b907-00218677c630}\Shell\AutoRun\command - "" = wscript.exe .\.vbs

O33 - MountPoints2\{f63a37be-1ebd-11de-b907-00218677c630}\Shell\open\command - "" = wscript.exe .\.vbs

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

 

Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: VIDC.IYUV - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: VIDC.UYVY - C:\windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YUY2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVU9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVYU - C:\windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.12.02 17:47:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Gmer

[2010.12.02 17:34:21 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2010.12.02 17:33:41 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2010.12.02 17:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes

[2010.12.02 17:26:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2010.12.02 17:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.12.02 17:26:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2010.12.02 17:26:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.12.02 17:24:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools

[2010.12.02 16:29:36 | 000,000,000 | ---D | C] -- C:\peanut

[2010.11.24 21:39:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.11.23 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira

[2010.11.23 11:40:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\SPSSInc

[2010.11.18 12:28:05 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys

[2010.11.18 12:28:05 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys

[2009.03.27 05:47:16 | 000,195,120 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

[2009.03.13 12:42:09 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.12.02 17:48:48 | 000,674,582 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2010.12.02 17:48:48 | 000,634,400 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2010.12.02 17:48:48 | 000,146,234 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2010.12.02 17:48:48 | 000,119,964 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2010.12.02 17:45:32 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable

[2010.12.02 17:43:45 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe

[2010.12.02 17:43:42 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll

[2010.12.02 17:43:40 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.12.02 17:43:40 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.12.02 17:43:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2010.12.02 17:42:25 | 000,003,204 | ---- | M] () -- C:\windows\bthservsdp.dat

[2010.12.02 17:33:42 | 000,000,775 | ---- | M] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk

[2010.12.02 17:33:42 | 000,000,756 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk

[2010.12.02 17:26:11 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.12.02 17:24:59 | 000,288,107 | ---- | M] () -- C:\Users\Admin\Desktop\Gmer.zip

[2010.12.02 17:24:59 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\defogger.exe

[2010.12.02 17:24:21 | 000,471,560 | ---- | M] () -- C:\Users\Admin\Desktop\Load.exe

[2010.12.02 16:30:44 | 000,002,605 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Word.lnk

[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2010.11.28 18:53:01 | 000,000,425 | ---- | M] () -- C:\windows\BRWMARK.INI

[2010.11.28 18:53:01 | 000,000,027 | ---- | M] () -- C:\windows\BRPP2KA.INI

[2010.11.27 11:28:15 | 000,001,364 | ---- | M] () -- C:\Users\Admin\Desktop\ICHB - Verknüpfung.lnk

[2010.11.24 21:39:14 | 000,001,032 | ---- | M] () -- C:\Users\Admin\Desktop\DVDVideoSoft Free Studio.lnk

[2010.11.23 17:40:39 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys

[2010.11.21 20:59:18 | 000,045,568 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.19 18:52:06 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys

[2010.11.08 10:24:37 | 000,000,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat

 
 ========== Files Created - No Company Name ==========

 

[2010.12.02 17:45:32 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable

[2010.12.02 17:33:42 | 000,000,775 | ---- | C] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk

[2010.12.02 17:33:42 | 000,000,756 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk

[2010.12.02 17:26:11 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.12.02 17:24:59 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\defogger.exe

[2010.12.02 17:24:58 | 000,288,107 | ---- | C] () -- C:\Users\Admin\Desktop\Gmer.zip

[2010.12.02 17:24:18 | 000,471,560 | ---- | C] () -- C:\Users\Admin\Desktop\Load.exe

[2010.11.27 11:28:15 | 000,001,364 | ---- | C] () -- C:\Users\Admin\Desktop\ICHB - Verknüpfung.lnk

[2010.11.22 18:09:27 | 001,753,430 | ---- | C] () -- C:\Users\Admin\Desktop\DSCI1211.JPG

[2010.10.27 09:47:39 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll

[2010.10.27 09:47:39 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll

[2010.01.30 16:46:22 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat

[2009.11.08 11:30:49 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat

[2009.09.11 11:49:11 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll

[2009.06.03 18:33:05 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI

[2009.06.03 18:33:05 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI

[2009.06.03 12:03:13 | 000,000,377 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PrimoPDFSet.xml

[2009.06.03 11:19:51 | 000,176,235 | ---- | C] () -- C:\windows\System32\Primomonnt.dll

[2009.05.31 14:43:19 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\FnF4.txt

[2009.05.28 09:24:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.05.06 10:53:50 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll

[2009.03.27 05:48:22 | 001,810,992 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys

[2009.03.27 05:48:12 | 000,034,096 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys

[2009.03.16 21:37:02 | 000,000,021 | ---- | C] () -- C:\windows\PMK_setup.ini

[2009.03.13 15:20:45 | 000,000,403 | ---- | C] () -- C:\windows\ODBC.INI

[2009.03.13 14:58:22 | 000,045,568 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.03.13 12:50:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\QSwitch.txt

[2009.03.13 12:50:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\DSwitch.txt

[2009.03.13 12:50:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\AtStart.txt

[2009.03.13 12:42:08 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini

[2008.07.23 14:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI

[2008.05.30 17:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys

[2008.05.21 10:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini

[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll

[2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll

[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

 
 ========== LOP Check ==========

 

[2009.08.23 17:40:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BackToZIP

[2010.09.23 13:38:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cycle of 5th

[2010.11.24 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2009.03.13 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InterVideo

[2009.03.28 19:31:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Micrografx

[2010.02.14 21:48:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird

[2010.12.02 17:42:25 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*.* >

[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007.11.07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007.11.07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007.11.07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2007.11.07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007.11.07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007.11.07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007.11.07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007.11.07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007.11.07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007.11.07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007.11.07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2009.03.14 16:18:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009.03.14 16:18:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010.02.05 21:24:00 | 000,262,144 | ---- | M] () -- C:\ntuser.dat

[2010.02.05 21:24:00 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1

[2010.02.05 21:24:00 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2

[2010.02.05 21:24:00 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{5431937b-1287-11df-970d-00218677c630}.TM.blf

[2010.02.05 21:24:00 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{5431937b-1287-11df-970d-00218677c630}.TMContainer00000000000000000001.regtrans-ms

[2010.02.05 21:24:00 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{5431937b-1287-11df-970d-00218677c630}.TMContainer00000000000000000002.regtrans-ms

[2010.12.02 17:43:27 | 2189,508,608 | -HS- | M] () -- C:\pagefile.sys

[2007.11.07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007.11.07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007.11.07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

 
 < %systemroot%\system32\*.wt >

 
 < %systemroot%\system32\*.ruy >

 
 < %systemroot%\Fonts\*.com >

[2006.11.02 13:35:34 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont

[2006.11.02 13:35:34 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont

[2006.11.02 13:35:34 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont

[2010.02.05 19:37:58 | 000,037,665 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

 
 < %systemroot%\Fonts\*.dll >

 
 < %systemroot%\Fonts\*.ini >

[2006.09.18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\windows\Fonts\desktop.ini

 
 < %systemroot%\Fonts\*.ini2 >

 
 < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2010.05.21 10:57:40 | 000,466,784 | ---- | M] (CIB software GmbH, München) -- C:\Windows\System32\spool\prtprocs\w32x86\CIBpdfPP.dll

[2009.03.24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA1.DLL

[2009.03.24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA1.DLL

[2008.03.10 23:30:24 | 000,273,408 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp081.dll

 
 < %systemroot%\REPAIR\*.bak1 >

 
 < %systemroot%\REPAIR\*.ini >

 
 < %systemroot%\system32\*.jpg >

 
 < %systemroot%\*.scr >

 
 < %systemroot%\*._sy >

 
 < %APPDATA%\Adobe\Update\*.* >

 
 < %ALLUSERSPROFILE%\Favorites\*.* >

 
 < %APPDATA%\Microsoft\*.* >

 
 < %PROGRAMFILES%\*.* >

[2008.01.21 03:57:01 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini

 
 < %APPDATA%\Update\*.* >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.05.21 10:38:24 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll

[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

[2009.04.11 07:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

 
 < %systemroot%\Tasks\*.job /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\system32\user32.dll /md5 >

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

 
 < %systemroot%\system32\ws2_32.dll /md5 >

[2008.01.21 03:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

 
 < %systemroot%\system32\ws2help.dll /md5 >

[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

 

 
 < MD5 for: EXPLORER.EXE >

[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008.01.21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: WININIT.EXE >

[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE >

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-30 10:56:28

 

< End of report >

--- --- ---

(5) scan.txt (weil ich kein Extras.txt habe):

netsvcs
msconfig
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Alles klar,
also Gmer wollte nicht, beim 2. Versuch ist der PC abgestürzt und dann habe ich es halt gelassen.
Hier aber das Log von OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 19:51:25 on 05.12.2010
 

OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 3.6.12
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Bioscrypt Inc." - C:\windows\system32\APSHook.dll
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL

"TIControlPanel.cpl" - "Texas Instruments Incorporated" - C:\windows\system32\TIControlPanel.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"HP 3D DriveGuard" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ADI UAA Function Driver for High Definition Audio Service" (ADIHdAudAddService) - ? - C:\windows\System32\drivers\ADIHdAud.sys  (File not found)

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"RsvLock" (RsvLock) - "SafeBoot International" - C:\windows\system32\drivers\RsvLock.sys

"SafeBoot" (SafeBoot) - "SafeBoot International" - C:\windows\system32\drivers\SafeBoot.sys  (File is exclusively opened, access blocked)

"SbAlg" (SbAlg) - "SafeBoot N.V." - C:\windows\system32\drivers\SbAlg.sys

"SbFsLock" (SbFsLock) - "SafeBoot International" - C:\windows\system32\drivers\SbFsLock.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

"TIEHDUSB" (TIEHDUSB) - "Texas Instruments Incorporated" - C:\windows\System32\drivers\tiehdusb.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

 "CorelDRAW ESSENTIALS Shell Extension Component" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{92644C80-C318-408A-9EDA-1B0C245D73A5} "File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll

{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" - "Texas Instruments Incorporated" - C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\windows\system32\btncopy.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{3134413B-49B4-425C-98A5-893C1F195601} "BHO_Startup Class" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Notification packages" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

"Wallpaper4U" - "blppSoft" - C:\Program Files\Wallpaper4U\Wallpaper4U.exe -w

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"accrdsub" - "ActivIdentity" - "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

"CognizanceTS" - "Bioscrypt Inc." - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

"File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe

"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"HP Universal Print Monitor" - "Hewlett-Packard" - C:\windows\system32\HPMPW081.DLL

"PrintServer" - ? - prtserv.dll  (File not found)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll

"@C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"ActivClient Middleware Service" (accoca) - "ActivIdentity" - c:\Program Files\ActivIdentity\ActivClient\accoca.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

"Drive Encryption Service" (HpFkCryptService) - "SafeBoot International" - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

"File Sanitizer for HP ProtectTools" (HPFSService) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe

"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

"HP ProtectTools Service" (HP ProtectTools Service) - "Hewlett-Packard Development Company, L.P" - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"Local Communication Channel" (ASChannel) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll

"Logon Session Broker" (ASBroker) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll

"Remote Procedure Call (RPC) Net" (rpcnet) - "Absolute Software Corp." - C:\windows\system32\rpcnet.exe

"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Und dann noch das von MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Compaq 6735s
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 210):
0x8201D000 \SystemRoot\system32\ntkrnlpa.exe
0x823D6000 \SystemRoot\system32\hal.dll
0x80602000 \SystemRoot\system32\kdcom.dll
0x80609000 \SystemRoot\system32\PSHED.dll
0x8061A000 \SystemRoot\system32\BOOTVID.dll
0x80622000 \SystemRoot\system32\CLFS.SYS
0x80663000 \SystemRoot\system32\CI.dll
0x80743000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807B4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8260E000 \SystemRoot\system32\drivers\acpi.sys
0x82654000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8265D000 \SystemRoot\system32\drivers\msisadrv.sys
0x82665000 \SystemRoot\system32\drivers\pci.sys
0x8268C000 \SystemRoot\system32\drivers\isapnp.sys
0x8269B000 \SystemRoot\system32\drivers\mpio.sys
0x826B7000 \SystemRoot\System32\drivers\partmgr.sys
0x826C6000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x826C9000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x826D3000 \SystemRoot\system32\drivers\volmgr.sys
0x826E2000 \SystemRoot\System32\drivers\volmgrx.sys
0x8272C000 \SystemRoot\system32\drivers\intelide.sys
0x82733000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82741000 \SystemRoot\system32\drivers\pciide.sys
0x82748000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x82775000 \SystemRoot\system32\drivers\aliide.sys
0x8277C000 \SystemRoot\system32\drivers\amdide.sys
0x82783000 \SystemRoot\system32\drivers\cmdide.sys
0x8278B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8279B000 \SystemRoot\system32\drivers\msdsm.sys
0x827B5000 \SystemRoot\system32\drivers\nvraid.sys
0x827D0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x827F1000 \SystemRoot\system32\drivers\viaide.sys
0x83401000 \SystemRoot\system32\drivers\iastorv.sys
0x834A2000 \SystemRoot\system32\drivers\atapi.sys
0x834AA000 \SystemRoot\system32\drivers\ataport.SYS
0x834C8000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x834E2000 \SystemRoot\system32\drivers\storport.sys
0x83523000 \SystemRoot\system32\drivers\msahci.sys
0x8352D000 \SystemRoot\system32\drivers\hpcisss.sys
0x83538000 \SystemRoot\system32\drivers\adp94xx.sys
0x835A2000 \SystemRoot\system32\drivers\adpahci.sys
0x807C2000 \SystemRoot\system32\drivers\adpu160m.sys
0x8360B000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x83631000 \SystemRoot\system32\drivers\adpu320.sys
0x83657000 \SystemRoot\system32\drivers\djsvs.sys
0x8366B000 \SystemRoot\system32\drivers\arc.sys
0x83681000 \SystemRoot\system32\drivers\arcsas.sys
0x83697000 \SystemRoot\system32\drivers\elxstor.sys
0x8372B000 \SystemRoot\system32\drivers\i2omp.sys
0x83735000 \SystemRoot\system32\drivers\iirsp.sys
0x83745000 \SystemRoot\system32\drivers\iteatapi.sys
0x83751000 \SystemRoot\system32\drivers\iteraid.sys
0x8375D000 \SystemRoot\system32\drivers\lsi_fc.sys
0x83777000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8378F000 \SystemRoot\system32\drivers\megasas.sys
0x87E00000 \SystemRoot\system32\drivers\megasr.sys
0x87EB7000 \SystemRoot\system32\drivers\mraid35x.sys
0x87EC2000 \SystemRoot\system32\drivers\nfrd960.sys
0x87ED0000 \SystemRoot\system32\drivers\nvstor.sys
0x88005000 \SystemRoot\system32\drivers\ql2300.sys
0x8813D000 \SystemRoot\system32\drivers\ql40xx.sys
0x88192000 \SystemRoot\system32\drivers\sisraid2.sys
0x8819F000 \SystemRoot\system32\drivers\sisraid4.sys
0x881B4000 \SystemRoot\system32\drivers\symc8xx.sys
0x881C0000 \SystemRoot\system32\drivers\sym_hi.sys
0x881CB000 \SystemRoot\system32\drivers\sym_u3.sys
0x87EDD000 \SystemRoot\system32\drivers\uliahci.sys
0x881D6000 \SystemRoot\system32\drivers\ulsata.sys
0x87F19000 \SystemRoot\system32\drivers\ulsata2.sys
0x87F45000 \SystemRoot\system32\drivers\vsmraid.sys
0x87F66000 \SystemRoot\System32\Drivers\SbAlg.sys
0x87F71000 \SystemRoot\system32\drivers\fltmgr.sys
0x87FA3000 \SystemRoot\system32\drivers\fileinfo.sys
0x881F7000 \SystemRoot\System32\Drivers\SbFsLock.sys
0x8820E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8827F000 \SystemRoot\system32\drivers\ndis.sys
0x8838A000 \SystemRoot\system32\drivers\msrpc.sys
0x883B5000 \SystemRoot\system32\drivers\NETIO.SYS
0x88403000 \SystemRoot\System32\drivers\tcpip.sys
0x884ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8860A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8871A000 \SystemRoot\system32\drivers\wd.sys
0x88722000 \SystemRoot\system32\drivers\volsnap.sys
0x8875B000 \SystemRoot\System32\Drivers\spldr.sys
0x88763000 \SystemRoot\system32\drivers\sbp2port.sys
0x88778000 \SystemRoot\System32\Drivers\SafeBoot.sys
0x88791000 \SystemRoot\System32\Drivers\mup.sys
0x887A0000 \SystemRoot\System32\drivers\ecache.sys
0x887C7000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x887D0000 \SystemRoot\system32\drivers\disk.sys
0x887E1000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x887E9000 \SystemRoot\system32\drivers\crcdisk.sys
0x8851E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88529000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88532000 \SystemRoot\system32\DRIVERS\processr.sys
0x9C200000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x9C6CF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9C770000 \SystemRoot\System32\drivers\watchdog.sys
0x9C77C000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x9CE0E000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x9CF38000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9CF50000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x9CF5A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9CF98000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88541000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9CFA7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9CFBA000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x9CFBF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9C801000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9C93E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9C940000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9C94B000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x9C956000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9C95A000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x9C95D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9C96D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9C974000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x9C97D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9C9AC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9C9B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9C9CE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9C9D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9CFCA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9CFD9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9C7CB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9CFED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9CE00000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x9C9FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x885CE000 \SystemRoot\system32\DRIVERS\ks.sys
0x9C7E0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9C7EA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x87FB3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9C7F7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x87FE8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x83799000 \SystemRoot\system32\drivers\HdAudio.sys
0x9D60B000 \SystemRoot\system32\drivers\portcls.sys
0x9D638000 \SystemRoot\system32\drivers\drmk.sys
0x9D65D000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x9D783000 \SystemRoot\system32\drivers\modem.sys
0x9D790000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9D799000 \SystemRoot\System32\Drivers\Null.SYS
0x9D7A0000 \SystemRoot\System32\Drivers\Beep.SYS
0x9D7A7000 \SystemRoot\System32\drivers\vga.sys
0x9D7B3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x9D7D4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9D7DD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9D7E5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9D7ED000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9D7F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x883F0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9D600000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x837D8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9D805000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x9D9BE000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x9D9CB000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x9D9D2000 \SystemRoot\system32\DRIVERS\smb.sys
0x9DA04000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9DA36000 \SystemRoot\system32\drivers\afd.sys
0x9DA7E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9DA94000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9DAA2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9DAB5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9DABB000 \SystemRoot\System32\Drivers\RsvLock.SYS
0x9DABD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9DAF9000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9DB21000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9DB2B000 \SystemRoot\System32\Drivers\dfsc.sys
0x9DB42000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x9DB65000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9DB72000 \SystemRoot\System32\Drivers\bthport.sys
0x9DBF2000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x9DE0E000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x9DE37000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x9DE41000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x9DE5B000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x9DE6A000 \SystemRoot\system32\drivers\btwavdt.sys
0x9DED5000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x9DEE1000 \SystemRoot\system32\drivers\btwaudio.sys
0x9DF61000 \SystemRoot\system32\DRIVERS\udfs.sys
0x9DF9C000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x9DF9F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9DFAC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9DFB7000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x9DFC1000 \SystemRoot\System32\Drivers\dump_SbHiber.sys
0xA56D0000 \SystemRoot\System32\win32k.sys
0x9DFC2000 \SystemRoot\System32\drivers\Dxapi.sys
0x9DFCC000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA58F0000 \SystemRoot\System32\TSDDD.dll
0xA5910000 \SystemRoot\System32\cdd.dll
0x9DFDB000 \SystemRoot\system32\drivers\luafv.sys
0x9D9E6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA8C09000 \SystemRoot\system32\drivers\spsys.sys
0xA8CB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA8CC9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA8CF3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8CFD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA8D10000 \SystemRoot\system32\drivers\HTTP.sys
0xA8D7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA8D9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA8DB3000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA8DC8000 \SystemRoot\system32\drivers\mrxdav.sys
0x807DD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB404000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB43D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB455000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB47D000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB4E3000 \SystemRoot\system32\drivers\peauth.sys
0xAB5C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAB5CB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x77190000 \Windows\System32\ntdll.dll

Processes (total 83):
0 System Idle Process
4 System
420 C:\Windows\System32\smss.exe
496 csrss.exe
556 C:\Windows\System32\wininit.exe
568 csrss.exe
600 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\winlogon.exe
844 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
936 C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
960 C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
996 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\Ati2evxx.exe
1116 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\audiodg.exe
1296 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\SLsvc.exe
1392 C:\Windows\System32\svchost.exe
1444 C:\Windows\System32\hpservice.exe
1572 C:\Windows\System32\svchost.exe
1612 C:\Windows\System32\Ati2evxx.exe
1900 C:\Windows\System32\spoolsv.exe
1912 C:\Windows\System32\taskeng.exe
1924 C:\Windows\System32\wlanext.exe
1992 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2008 C:\Windows\System32\svchost.exe
1076 C:\Program Files\ActivIdentity\ActivClient\accoca.exe
2052 C:\Windows\System32\agrsmsvc.exe
2088 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2108 C:\Windows\System32\svchost.exe
2196 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
2228 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
2264 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2348 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2376 C:\Windows\System32\svchost.exe
2416 C:\Windows\System32\svchost.exe
2436 C:\Windows\System32\svchost.exe
2452 C:\Windows\System32\rpcnet.exe
2492 C:\Windows\System32\svchost.exe
2548 C:\Windows\System32\svchost.exe
2632 C:\Windows\System32\SearchIndexer.exe
2760 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2984 WmiPrvSE.exe
3588 C:\Windows\System32\taskeng.exe
3704 C:\Windows\System32\dwm.exe
3756 C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
3792 C:\Windows\explorer.exe
1908 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3568 WmiPrvSE.exe
824 C:\Program Files\Windows Defender\MSASCui.exe
4064 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
4088 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
2876 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
624 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
868 C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
3212 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3344 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1756 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2916 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3304 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2580 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
3536 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
1536 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4316 C:\Program Files\Windows Sidebar\sidebar.exe
4352 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4372 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
4668 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4968 C:\Program Files\Mozilla Firefox\firefox.exe
5396 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5720 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3204 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2344 C:\Windows\System32\taskeng.exe
1712 C:\Windows\System32\SearchProtocolHost.exe
3652 C:\Windows\System32\SearchFilterHost.exe
5304 C:\Windows\explorer.exe
5488 C:\Users\Admin\Downloads\MBRCheck.exe
2060 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`45b56000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000048`05a00000 (FAT32)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!