Trojaner-Board

Thread: TR/Kazy.mekml.1 (https://www.trojaner-board.de/97638-tr-kazy-mekml-1-a.html), posted in the forum "Plagegeister aller Art und deren Bekämpfung" (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/) on Trojaner-Board (https://www.trojaner-board.de/)

A22 18.04.2011 13:46

TR/Kazy.mekml.1
 
Hello!

I need your help!!

Antivir keeps reporting that a trojan has been found:

"TR/Kazy.mekml.1".

After that, messages appear saying that my hard disk is damaged (critical error). After a while the PC then shuts down.
I cannot access my files, and the desktop background is black.

I will post the OTL files in a moment!

Many thanks in advance!!

A22 18.04.2011 14:05

OTL Logfile:

OTL logfile created on: 4/18/2011 2:39:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\***\Downloads
Windows 7 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 21.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.15 Gb Total Space | 50.70 Gb Free Space | 34.45% Space Free | Partition Type: NTFS
Drive D: | 135.84 Gb Total Space | 135.75 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
PRC - C:\Program Files\Giraffic\GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files\Giraffic\Giraffic.exe (Giraffic)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe ()
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McAfee SiteAdvisor Service) --  File not found
SRV - (Giraffic) -- C:\Program Files\Giraffic\GirafficWatchdog.exe (Giraffic)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: support@free-hideip.com:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {1469C7BC-C5B7-4E79-B3B0-FD76B0685D7F}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.ftp: "128.10.19.53"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "128.10.19.53"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "128.10.19.53"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.socks: "128.10.19.53"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "128.10.19.53"
FF - prefs.js..network.proxy.ssl_port: 3127
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/11 10:14:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/11 10:14:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 08:11:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 16:39:03 | 000,000,000 | ---D | M]
 
[2010/06/20 00:03:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/04/18 12:31:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions
[2011/04/18 13:12:40 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/18 13:12:39 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/18 13:12:39 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/18 13:12:40 | 000,000,000 | -H-D | M] (Free Hide IP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions\support@free-hideip.com
[2011/03/08 21:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/04/11 10:14:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/11 10:14:16 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/04/18 13:12:43 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\***\APPDATA\LOCAL\{1469C7BC-C5B7-4E79-B3B0-FD76B0685D7F}
[2010/12/09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/03/25 08:11:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/25 08:11:06 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/25 08:11:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/25 08:11:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/25 08:11:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/06/20 00:06:19 | 000,408,517 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        www.123fporn.info
O1 - Hosts: 14124 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser]  File not found
O4 - HKLM..\Run: [fsn] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Bhogiqivoqul] C:\Users\***\AppData\Local\igilukelikuf.dll (Creative Technology Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Jkutuluyet] C:\Users\***\AppData\Local\KBDa07.dll (FileZilla Project)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{99f81b3d-aa22-11df-b4c0-002454828e22}\Shell - "" = AutoRun
O33 - MountPoints2\{99f81b3d-aa22-11df-b4c0-002454828e22}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/18 11:59:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{1469C7BC-C5B7-4E79-B3B0-FD76B0685D7F}
[2011/04/18 11:57:41 | 000,569,344 | -H-- | C] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011/04/16 14:42:34 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Shwayze
[2011/04/14 20:21:29 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\kwrpla2d
[2011/04/14 06:11:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/13 23:46:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/04/13 23:46:00 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/04/13 23:45:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2011/04/13 23:45:58 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/04/13 23:45:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/04/13 23:45:48 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/04/13 23:45:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/04/13 23:45:48 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/04/13 23:45:48 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/04/13 23:45:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/04/13 23:45:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/04/13 23:45:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/04/13 23:45:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/04/13 23:45:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/04/13 23:45:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/04/13 23:45:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/04/13 23:45:33 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/04/13 23:45:32 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2011/04/13 23:45:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/04/13 23:45:27 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2011/04/13 23:45:26 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2011/04/13 00:06:53 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\DDMSettings
[2011/04/11 22:33:23 | 001,583,826 | -H-- | C] (Macromedia, Inc.) -- C:\Users\***\Desktop\VIVA-RADIO.exe
[2011/04/05 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2011/04/04 00:36:01 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2011/04/04 00:35:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011/04/01 16:19:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Cisco
[2011/04/01 16:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011/04/01 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/04/01 16:18:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Cisco
[2011/03/26 10:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2010/06/22 10:35:23 | 000,138,304 | ---- | C] (Phoenix Technologies) -- C:\Program Files\Common Files\osdinst.dll
[2009/07/14 01:24:44 | 000,370,176 | -H-- | C] (Creative Technology Ltd.) -- C:\Users\***\AppData\Local\igilukelikuf.dll
[2009/07/14 01:24:44 | 000,097,280 | -H-- | C] (FileZilla Project) -- C:\Users\***\AppData\Local\KBDa07.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/18 14:41:05 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 14:41:05 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 14:26:59 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 14:26:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/18 14:26:03 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 14:11:31 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/04/18 14:11:31 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/18 14:11:31 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/04/18 14:11:31 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/18 14:04:36 | 000,000,120 | -H-- | M] () -- C:\Users\***\AppData\Local\Ykixedokezezocoh.dat
[2011/04/18 14:00:05 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 12:35:10 | 000,099,282 | -H-- | M] () -- C:\Users\***\Desktop\bookmarks-2011-04-18.json
[2011/04/18 11:59:15 | 000,000,000 | -H-- | M] () -- C:\Users\***\AppData\Local\Dwarupehukuhoxaj.bin
[2011/04/18 11:57:41 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011/04/18 11:51:43 | 079,749,756 | -H-- | M] () -- C:\Users\***\Desktop\kcmotmteod2ei.rar
[2011/04/14 12:36:19 | 000,521,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/03/31 07:10:16 | 000,000,955 | -H-- | M] () -- C:\Users\***\Desktop\Winamp.lnk
[2011/03/26 21:23:22 | 000,719,968 | -H-- | M] () -- C:\Users\***\Documents\MY_DATA_032611_1.p2g
[2011/03/26 16:39:04 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/26 10:27:51 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/03/26 10:24:45 | 020,586,196 | -H-- | M] () -- C:\Users\***\Documents\vlc-1.1.8-win32.exe
[2011/03/21 18:12:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/18 12:35:04 | 000,099,282 | -H-- | C] () -- C:\Users\***\Desktop\bookmarks-2011-04-18.json
[2011/04/18 11:59:15 | 000,000,120 | -H-- | C] () -- C:\Users\***\AppData\Local\Ykixedokezezocoh.dat
[2011/04/18 11:59:15 | 000,000,000 | -H-- | C] () -- C:\Users\***\AppData\Local\Dwarupehukuhoxaj.bin
[2011/03/31 07:10:16 | 000,000,955 | -H-- | C] () -- C:\Users\***\Desktop\Winamp.lnk
[2011/03/26 20:53:36 | 000,719,968 | -H-- | C] () -- C:\Users\***\Documents\MY_DATA_032611_1.p2g
[2011/03/26 10:27:51 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/03/26 10:23:27 | 020,586,196 | -H-- | C] () -- C:\Users\***\Documents\vlc-1.1.8-win32.exe
[2010/12/11 22:54:50 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2010/12/03 01:44:31 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/08/23 00:27:53 | 000,056,943 | -H-- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010/08/15 17:43:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 20:58:46 | 000,001,024 | -H-- | C] () -- C:\windows\System32\grcauth2.dll
[2010/07/21 20:58:46 | 000,001,024 | -H-- | C] () -- C:\windows\System32\grcauth1.dll
[2010/07/21 20:58:46 | 000,000,100 | -H-- | C] () -- C:\windows\System32\prsgrc.dll
[2010/07/21 20:56:51 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll
[2010/07/21 20:56:51 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll
[2010/06/30 00:57:21 | 000,004,608 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 11:54:43 | 000,284,160 | ---- | C] () -- C:\windows\unin0407.exe
[2010/06/22 10:35:23 | 001,097,038 | ---- | C] () -- C:\Program Files\Common Files\ptlosd.cab
[2010/06/22 10:35:14 | 000,076,800 | ---- | C] () -- C:\windows\System32\spekekit_bak.dll
[2010/06/20 11:52:53 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2010/06/20 11:52:53 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2010/06/20 11:52:53 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2010/06/20 11:52:53 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2010/06/20 11:52:53 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2010/06/20 11:52:53 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2010/06/20 11:52:53 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2010/06/20 11:52:53 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2010/06/20 11:52:53 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2010/06/20 11:52:53 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010/06/20 11:52:52 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2010/06/20 11:52:52 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2010/06/20 11:52:52 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2010/06/20 11:52:52 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2010/06/20 11:52:52 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2010/06/20 11:52:52 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2010/06/20 11:52:52 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2010/06/20 11:52:52 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2010/06/20 11:52:52 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2010/06/20 11:50:34 | 000,000,025 | ---- | C] () -- C:\windows\CDE SX400DEFGIPS.ini
[2010/06/20 00:10:46 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010/06/20 00:03:49 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/06/15 00:09:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/23 14:26:48 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll
[2010/03/06 00:12:46 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/03/06 00:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/03/06 00:12:46 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/03/06 00:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/03/05 07:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/03/05 06:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/03/05 06:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,521,752 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini
 
========== LOP Check ==========
 
[2010/08/17 19:16:50 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011/04/18 11:39:32 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010/06/22 19:37:50 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2011/04/18 13:12:42 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2011/04/18 13:12:42 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FreeHideIP
[2011/04/18 13:12:42 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\GamesCafe
[2010/11/06 12:50:06 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Lingo4u
[2011/04/18 13:12:42 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011/04/18 13:12:39 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2010/09/29 22:24:09 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2010/07/27 13:00:10 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010/06/30 13:00:30 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles
[2010/06/24 00:16:29 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2010/12/03 01:44:28 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Zylom
[2011/04/08 09:26:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:A26AC9FC

< End of report >

--- --- ---


A22 18.04.2011 14:25

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 4/18/2011 2:39:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 21.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.15 Gb Total Space | 50.70 Gb Free Space | 34.45% Space Free | Partition Type: NTFS
Drive D: | 135.84 Gb Total Space | 135.75 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05AB8EF0-F783-11DF-83AC-001279CD8240}" = Google Earth Plug-in
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A546C16-7231-424C-907B-0BE17EA6F633}" = MAGIX Xtreme Grafik Designer 5 Download-Version
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PRO_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PRO_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PRO_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDC4FC15-480C-49C1-85DA-1CFBBFC6CD08}" = DVBT
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6BF9670-C9E9-461A-9B14-B5ADAC3176CF}" = Cisco AnyConnect VPN Client
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CUEcards 2000" = CUEcards 2000
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"Free FLV Converter_is1" = Free FLV Converter V 6.7.7
"Giraffic" = Giraffic Video Accelerator
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Xtreme Foto & Grafik Designer 5 Download-Version D" = MAGIX Xtreme Foto & Grafik Designer 5 Download-Version 5.0.405.1305 (D)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PRO" = Microsoft Office Professional 2007
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Update Service" = Update Service
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

cosinus 18.04.2011 14:26

Are there any further Malwarebytes logs? If so, please post all of them that are visible in the Malwarebytes "Log files" tab.

A22 18.04.2011 14:52

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6389

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.04.2011 15:51:12
mbam-log-2011-04-18 (15-51-12).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157888
Laufzeit: 14 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\programdata\pfmpbjohgut.exe (Trojan.Agent) -> 4544 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\***\AppData\Local\KBDa07.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\***\AppData\Local\igilukelikuf.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jkutuluyet (Trojan.Hiloti) -> Value: Jkutuluyet -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PFmPbJoHGuT (Trojan.Agent) -> Value: PFmPbJoHGuT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bhogiqivoqul (Trojan.Agent.U) -> Value: Bhogiqivoqul -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\KBDa07.dll (Trojan.Hiloti) -> Delete on reboot.
c:\programdata\pfmpbjohgut.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\33414920.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\mweasnxroc.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\err.log1175108 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\tmp66DD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\Adobe\plugs\kb1176777.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\igilukelikuf.dll (Trojan.Agent.U) -> Delete on reboot.

cosinus 18.04.2011 14:54

Quote:

Art des Suchlaufs: Quick-Scan
Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

A22 18.04.2011 15:18

Thank you very much for your quick reply! =)

At least Antivir no longer shows any alert for "TR/Kazy.mekml.1" now that I have deleted the infected files found by the quick scan.
The desktop background is still black, and I still don't have access to my files.

I am running the full scan right now.

New log file coming shortly, provided the PC doesn't shut down again ;)

A22 18.04.2011 16:18

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6389

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.04.2011 17:16:57
mbam-log-2011-04-18 (17-16-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 294509
Laufzeit: 1 Stunde(n), 17 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jkutuluyet (Trojan.Agent.U) -> Value: Jkutuluyet -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bhogiqivoqul (Trojan.Agent.U) -> Value: Bhogiqivoqul -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 18.04.2011 16:27

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: if you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:

:OTL
PRC - C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:A26AC9FC
[2010/08/23 00:27:53 | 000,056,943 | -H-- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010/06/15 00:09:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/04/18 14:04:36 | 000,000,120 | -H-- | M] () -- C:\Users\***\AppData\Local\Ykixedokezezocoh.dat
[2011/04/18 11:59:15 | 000,000,000 | -H-- | M] () -- C:\Users\***\AppData\Local\Dwarupehukuhoxaj.bin
[2011/04/18 11:57:41 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011/04/18 11:59:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{1469C7BC-C5B7-4E79-B3B0-FD76B0685D7F}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{99f81b3d-aa22-11df-b4c0-002454828e22}\Shell - "" = AutoRun
O33 - MountPoints2\{99f81b3d-aa22-11df-b4c0-002454828e22}\Shell\AutoRun\command - "" = G:\Autorun.exe
O4 - HKCU..\Run: [Jkutuluyet] C:\Users\***\AppData\Local\KBDa07.dll (FileZilla Project)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [Bhogiqivoqul] C:\Users\***\AppData\Local\igilukelikuf.dll (Creative Technology Ltd.)
FF - prefs.js..network.proxy.ftp: "128.10.19.53"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "128.10.19.53"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "128.10.19.53"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.socks: "128.10.19.53"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "128.10.19.53"
FF - prefs.js..network.proxy.ssl_port: 3127
FF - prefs.js..network.proxy.type: 0
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (McAfee SiteAdvisor Service) --  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

A22 18.04.2011 16:42

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99f81b3d-aa22-11df-b4c0-002454828e22}\ not found.
File G:\Autorun.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Jkutuluyet not found.
File C:\Users\***\AppData\Local\KBDa07.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PFmPbJoHGuT not found.
File C:\ProgramData\PFmPbJoHGuT.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Bhogiqivoqul not found.
File C:\Users\***\AppData\Local\igilukelikuf.dll not found.
Prefs.js: "128.10.19.53" removed from network.proxy.ftp
Prefs.js: 3127 removed from network.proxy.ftp_port
Prefs.js: "128.10.19.53" removed from network.proxy.gopher
Prefs.js: 3127 removed from network.proxy.gopher_port
Prefs.js: "128.10.19.53" removed from network.proxy.http
Prefs.js: 3127 removed from network.proxy.http_port
Prefs.js: "128.10.19.53" removed from network.proxy.socks
Prefs.js: 3127 removed from network.proxy.socks_port
Prefs.js: "128.10.19.53" removed from network.proxy.ssl
Prefs.js: 3127 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Error: Unable to stop service Rezip!
Service Rezip deleted successfully!
C:\Windows\System32\Rezip.exe moved successfully.
Service McAfee SiteAdvisor Service stopped successfully!
Service McAfee SiteAdvisor Service deleted successfully!
File File not found not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ***
->Temp folder emptied: 616334296 bytes
->Temporary Internet Files folder emptied: 119243993 bytes
->Java cache emptied: 10036 bytes
->FireFox cache emptied: 72207600 bytes
->Flash cache emptied: 129653 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31042833 bytes
RecycleBin emptied: 40501012 bytes

Total Files Cleaned = 839.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04182011_173511

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 18.04.2011 16:45

Quote:

File C:\Users\***\AppData\Local\KBDa07.dll not found.
Did you edit the asterisks back into the real user name BEFORE running the script?

A22 18.04.2011 16:48

Yes, I did! :)

I can change the screen again, and the files are visible again.

Is everything clean again now?

cosinus 18.04.2011 16:51

Now please run this Kaspersky tool and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection has left you unable to access your documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This may take a while.)
Vista and 7 users must run the tool as administrator via right-click!

A22 18.04.2011 17:25

2011/04/18 18:05:21.0950 4696 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 18:05:23.0978 4696 ================================================================================
2011/04/18 18:05:23.0978 4696 SystemInfo:
2011/04/18 18:05:23.0978 4696
2011/04/18 18:05:23.0978 4696 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/18 18:05:23.0978 4696 Product type: Workstation
2011/04/18 18:05:23.0978 4696 ComputerName: ***-PC
2011/04/18 18:05:23.0978 4696 UserName: ***
2011/04/18 18:05:23.0978 4696 Windows directory: C:\windows
2011/04/18 18:05:23.0978 4696 System windows directory: C:\windows
2011/04/18 18:05:23.0978 4696 Processor architecture: Intel x86
2011/04/18 18:05:23.0978 4696 Number of processors: 4
2011/04/18 18:05:23.0978 4696 Page size: 0x1000
2011/04/18 18:05:23.0978 4696 Boot type: Normal boot
2011/04/18 18:05:23.0978 4696 ================================================================================
2011/04/18 18:06:05.0754 4696 Initialize success
2011/04/18 18:06:28.0265 5144 ================================================================================
2011/04/18 18:06:28.0265 5144 Scan started
2011/04/18 18:06:28.0265 5144 Mode: Manual;
2011/04/18 18:06:28.0265 5144 ================================================================================
2011/04/18 18:06:39.0341 5144 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/04/18 18:06:41.0681 5144 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/04/18 18:06:43.0819 5144 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/04/18 18:06:46.0330 5144 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/04/18 18:06:49.0481 5144 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/04/18 18:06:52.0149 5144 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/04/18 18:06:54.0739 5144 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/04/18 18:06:56.0673 5144 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/04/18 18:06:59.0668 5144 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/04/18 18:07:02.0383 5144 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/04/18 18:07:04.0613 5144 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/04/18 18:07:07.0733 5144 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/04/18 18:07:10.0027 5144 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/04/18 18:07:12.0725 5144 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/04/18 18:07:15.0315 5144 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/04/18 18:07:17.0639 5144 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/04/18 18:07:19.0168 5144 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/04/18 18:07:22.0413 5144 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/04/18 18:07:25.0720 5144 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/04/18 18:07:26.0719 5144 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/04/18 18:07:28.0653 5144 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/04/18 18:07:30.0463 5144 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/04/18 18:07:34.0612 5144 athr (ee32c0a39b6d3d0834c4d46d8c45e1d0) C:\windows\system32\DRIVERS\athr.sys
2011/04/18 18:07:38.0715 5144 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\windows\system32\DRIVERS\avgntflt.sys
2011/04/18 18:07:41.0445 5144 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\windows\system32\DRIVERS\avipbb.sys
2011/04/18 18:07:44.0924 5144 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/04/18 18:07:48.0668 5144 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/04/18 18:07:51.0585 5144 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/04/18 18:07:53.0816 5144 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/04/18 18:07:55.0282 5144 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/04/18 18:07:58.0028 5144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/04/18 18:07:59.0276 5144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/04/18 18:08:02.0006 5144 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/04/18 18:08:03.0113 5144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/04/18 18:08:06.0062 5144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/04/18 18:08:07.0247 5144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/04/18 18:08:09.0853 5144 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/04/18 18:08:10.0820 5144 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/04/18 18:08:11.0803 5144 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/04/18 18:08:14.0838 5144 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/04/18 18:08:16.0850 5144 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/04/18 18:08:18.0800 5144 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/04/18 18:08:20.0734 5144 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/04/18 18:08:22.0310 5144 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/04/18 18:08:23.0184 5144 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/04/18 18:08:26.0759 5144 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/04/18 18:08:27.0445 5144 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/04/18 18:08:30.0643 5144 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/04/18 18:08:31.0002 5144 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/04/18 18:08:32.0905 5144 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/04/18 18:08:36.0041 5144 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/04/18 18:08:42.0421 5144 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\windows\system32\DRIVERS\CVirtA.sys
2011/04/18 18:08:44.0402 5144 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\windows\system32\Drivers\CVPNDRVA.sys
2011/04/18 18:08:47.0304 5144 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/04/18 18:08:47.0719 5144 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/04/18 18:08:48.0331 5144 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/04/18 18:08:49.0844 5144 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\windows\system32\DRIVERS\dne2000.sys
2011/04/18 18:08:50.0062 5144 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/04/18 18:08:50.0484 5144 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/04/18 18:08:51.0438 5144 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/04/18 18:08:51.0953 5144 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/04/18 18:08:52.0546 5144 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/04/18 18:08:52.0655 5144 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/04/18 18:08:55.0712 5144 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/04/18 18:08:57.0038 5144 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/04/18 18:08:57.0070 5144 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/04/18 18:08:59.0020 5144 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/04/18 18:09:04.0152 5144 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/04/18 18:09:07.0430 5144 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/04/18 18:09:09.0684 5144 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/04/18 18:09:10.0745 5144 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
2011/04/18 18:09:13.0865 5144 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/04/18 18:09:15.0550 5144 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/04/18 18:09:15.0784 5144 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/04/18 18:09:15.0862 5144 ggflt (007aea2e06e7cef7372e40c277163959) C:\windows\system32\DRIVERS\ggflt.sys
2011/04/18 18:09:18.0982 5144 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\windows\system32\DRIVERS\ggsemc.sys
2011/04/18 18:09:19.0762 5144 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/04/18 18:09:22.0975 5144 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/04/18 18:09:23.0194 5144 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/04/18 18:09:25.0502 5144 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/04/18 18:09:27.0952 5144 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/04/18 18:09:30.0136 5144 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/04/18 18:09:30.0307 5144 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/04/18 18:09:30.0401 5144 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/04/18 18:09:30.0541 5144 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/04/18 18:09:30.0604 5144 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/04/18 18:09:30.0682 5144 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/04/18 18:09:32.0850 5144 iaStor (edf5ecc965faaa533d35e02f47b9132e) C:\windows\system32\DRIVERS\iaStor.sys
2011/04/18 18:09:34.0488 5144 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/04/18 18:09:42.0257 5144 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/04/18 18:09:42.0849 5144 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/04/18 18:09:45.0502 5144 Impcd (4a31216a5e97d46ee06069d9e06428fa) C:\windows\system32\DRIVERS\Impcd.sys
2011/04/18 18:09:49.0843 5144 IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys
2011/04/18 18:09:51.0828 5144 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/04/18 18:09:54.0107 5144 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/04/18 18:09:55.0336 5144 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/04/18 18:09:57.0200 5144 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/04/18 18:09:58.0024 5144 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/04/18 18:10:00.0528 5144 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/04/18 18:10:01.0395 5144 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/04/18 18:10:03.0333 5144 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/04/18 18:10:05.0899 5144 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/04/18 18:10:07.0944 5144 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/04/18 18:10:10.0433 5144 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/04/18 18:10:15.0728 5144 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/04/18 18:10:26.0452 5144 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/04/18 18:10:28.0963 5144 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/04/18 18:10:31.0614 5144 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/04/18 18:10:36.0992 5144 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/04/18 18:10:41.0140 5144 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/04/18 18:10:44.0753 5144 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/04/18 18:10:50.0854 5144 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/04/18 18:10:54.0139 5144 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/04/18 18:10:58.0421 5144 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/04/18 18:11:01.0408 5144 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/04/18 18:11:05.0043 5144 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/04/18 18:11:07.0168 5144 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/04/18 18:11:09.0031 5144 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/04/18 18:11:10.0804 5144 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/04/18 18:11:12.0366 5144 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/04/18 18:11:15.0973 5144 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/04/18 18:11:20.0364 5144 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/04/18 18:11:24.0527 5144 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/04/18 18:11:27.0972 5144 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/04/18 18:11:31.0363 5144 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/04/18 18:11:34.0395 5144 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/04/18 18:11:37.0064 5144 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/04/18 18:11:39.0315 5144 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/04/18 18:11:42.0799 5144 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/04/18 18:11:45.0031 5144 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/04/18 18:11:47.0498 5144 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/04/18 18:11:50.0500 5144 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/04/18 18:11:52.0347 5144 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/04/18 18:11:56.0445 5144 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/04/18 18:11:58.0892 5144 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/04/18 18:12:00.0714 5144 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/04/18 18:12:02.0581 5144 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/04/18 18:12:07.0452 5144 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/04/18 18:12:12.0890 5144 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/04/18 18:12:21.0202 5144 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/04/18 18:12:28.0825 5144 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/04/18 18:12:31.0595 5144 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/04/18 18:12:33.0673 5144 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/04/18 18:12:35.0329 5144 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/04/18 18:12:37.0722 5144 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/04/18 18:12:39.0575 5144 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/04/18 18:12:41.0547 5144 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/04/18 18:12:43.0062 5144 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/04/18 18:12:45.0999 5144 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/04/18 18:12:50.0171 5144 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/04/18 18:12:58.0327 5144 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/04/18 18:13:02.0613 5144 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\windows\system32\drivers\nvhda32v.sys
2011/04/18 18:13:17.0252 5144 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/04/18 18:13:23.0066 5144 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/04/18 18:13:26.0506 5144 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/04/18 18:13:29.0574 5144 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/04/18 18:13:31.0389 5144 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/04/18 18:13:34.0867 5144 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/04/18 18:13:37.0062 5144 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/04/18 18:13:39.0963 5144 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/04/18 18:13:42.0275 5144 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/04/18 18:13:44.0378 5144 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/04/18 18:13:45.0945 5144 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/04/18 18:13:47.0928 5144 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/04/18 18:13:50.0593 5144 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/04/18 18:13:54.0396 5144 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/04/18 18:13:56.0261 5144 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/04/18 18:13:58.0175 5144 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/04/18 18:14:00.0815 5144 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/04/18 18:14:04.0519 5144 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/04/18 18:14:06.0603 5144 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/04/18 18:14:08.0468 5144 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/04/18 18:14:10.0940 5144 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/04/18 18:14:12.0758 5144 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/04/18 18:14:15.0051 5144 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/04/18 18:14:18.0067 5144 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/04/18 18:14:21.0682 5144 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/04/18 18:14:24.0638 5144 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/04/18 18:14:26.0647 5144 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/04/18 18:14:28.0948 5144 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/04/18 18:14:31.0519 5144 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/04/18 18:14:34.0128 5144 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/04/18 18:14:37.0746 5144 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/04/18 18:14:39.0233 5144 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/04/18 18:14:42.0035 5144 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/04/18 18:14:44.0786 5144 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/04/18 18:14:47.0884 5144 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\windows\system32\DRIVERS\s0017bus.sys
2011/04/18 18:14:51.0532 5144 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\windows\system32\DRIVERS\s0017mdfl.sys
2011/04/18 18:14:53.0535 5144 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\windows\system32\DRIVERS\s0017mdm.sys
2011/04/18 18:14:56.0422 5144 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\windows\system32\DRIVERS\s0017mgmt.sys
2011/04/18 18:14:58.0913 5144 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\windows\system32\DRIVERS\s0017nd5.sys
2011/04/18 18:15:01.0419 5144 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\windows\system32\DRIVERS\s0017obex.sys
2011/04/18 18:15:04.0615 5144 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\windows\system32\DRIVERS\s0017unic.sys
2011/04/18 18:15:07.0043 5144 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
2011/04/18 18:15:09.0065 5144 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/04/18 18:15:12.0478 5144 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/04/18 18:15:15.0889 5144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/04/18 18:15:20.0455 5144 seehcri (e5b56569a9f79b70314fede6c953641e) C:\windows\system32\DRIVERS\seehcri.sys
2011/04/18 18:15:23.0783 5144 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/04/18 18:15:26.0013 5144 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/04/18 18:15:29.0631 5144 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/04/18 18:15:33.0982 5144 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/04/18 18:15:38.0544 5144 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/04/18 18:15:40.0745 5144 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/04/18 18:15:43.0804 5144 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/04/18 18:15:49.0118 5144 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/04/18 18:15:52.0442 5144 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/04/18 18:15:56.0970 5144 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/04/18 18:16:02.0127 5144 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/04/18 18:16:03.0552 5144 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/04/18 18:16:09.0869 5144 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2011/04/18 18:16:09.0869 5144 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/18 18:16:10.0104 5144 sptd - detected Locked file (1)
2011/04/18 18:16:11.0857 5144 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/04/18 18:16:14.0513 5144 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys
2011/04/18 18:16:17.0096 5144 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys
2011/04/18 18:16:17.0693 5144 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
2011/04/18 18:16:20.0429 5144 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/04/18 18:16:24.0598 5144 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/04/18 18:16:28.0030 5144 SynTP (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
2011/04/18 18:16:31.0338 5144 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/04/18 18:16:36.0557 5144 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/04/18 18:16:38.0401 5144 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/04/18 18:16:42.0004 5144 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/04/18 18:16:45.0598 5144 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/04/18 18:16:58.0558 5144 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/04/18 18:16:59.0836 5144 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/04/18 18:17:01.0903 5144 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 18:17:04.0498 5144 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/04/18 18:17:05.0919 5144 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/04/18 18:17:09.0206 5144 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
2011/04/18 18:17:11.0133 5144 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/04/18 18:17:14.0748 5144 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/04/18 18:17:17.0191 5144 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/04/18 18:17:18.0845 5144 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/04/18 18:17:21.0668 5144 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/04/18 18:17:23.0692 5144 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/04/18 18:17:25.0742 5144 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/04/18 18:17:27.0719 5144 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/04/18 18:17:30.0701 5144 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/04/18 18:17:35.0618 5144 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/04/18 18:17:37.0456 5144 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 18:17:39.0754 5144 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/04/18 18:17:41.0794 5144 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/04/18 18:17:43.0875 5144 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/04/18 18:17:46.0728 5144 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/04/18 18:17:49.0836 5144 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/04/18 18:17:52.0150 5144 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/04/18 18:17:54.0576 5144 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/04/18 18:17:56.0460 5144 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/04/18 18:17:58.0703 5144 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/04/18 18:18:00.0501 5144 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/04/18 18:18:02.0233 5144 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/04/18 18:18:04.0060 5144 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/04/18 18:18:05.0535 5144 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\windows\system32\DRIVERS\vpnva.sys
2011/04/18 18:18:07.0623 5144 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/04/18 18:18:09.0398 5144 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/04/18 18:18:11.0100 5144 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/04/18 18:18:12.0496 5144 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/04/18 18:18:13.0591 5144 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/04/18 18:18:14.0715 5144 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/18 18:18:15.0235 5144 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/18 18:18:17.0322 5144 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/04/18 18:18:19.0014 5144 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/04/18 18:18:23.0073 5144 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/04/18 18:18:24.0562 5144 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/04/18 18:18:27.0425 5144 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/04/18 18:18:28.0744 5144 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/04/18 18:18:30.0675 5144 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/04/18 18:18:31.0571 5144 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/04/18 18:18:33.0219 5144 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 18:18:35.0340 5144 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
2011/04/18 18:19:06.0670 5144 ================================================================================
2011/04/18 18:19:06.0670 5144 Scan finished
2011/04/18 18:19:06.0670 5144 ================================================================================
2011/04/18 18:19:06.0695 5916 Detected object count: 1
2011/04/18 18:20:45.0625 5916 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/18 18:20:46.0888 5916 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/04/18 18:20:49.0003 5916 C:\windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/18 18:20:49.0003 5916 Locked file(sptd) - User select action: Delete
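
The TDSSKiller log above is long, and the lines that matter for triage (the "Suspicious file" verdict, the "detected Locked file" line, the pending deletions and the user's chosen action) are scattered between hundreds of ordinary driver entries. The following Python parser is an added example and is not part of the thread or of TDSSKiller itself; it assumes the line layout seen in the posted log (timestamp, thread id, message) and runs on a small constructed sample modelled on that log, collecting each driver's name, md5 and path and attaching any verdicts and reboot-time actions to it so the flagged entries can be listed on their own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log layout (timestamp, thread id, message),
# modelled on the log posted above: sptd is the entry the tool flagged.
SAMPLE_LOG = r"""
2011/04/18 18:06:28.0265 5144 Scan started
2011/04/18 18:16:09.0869 5144 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2011/04/18 18:16:09.0869 5144 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/18 18:16:10.0104 5144 sptd - detected Locked file (1)
2011/04/18 18:16:11.0857 5144 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/04/18 18:19:06.0670 5144 Scan finished
2011/04/18 18:19:06.0695 5916 Detected object count: 1
2011/04/18 18:20:45.0625 5916 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/18 18:20:49.0003 5916 C:\windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/18 18:20:49.0003 5916 Locked file(sptd) - User select action: Delete
"""


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str
    verdicts: List[str] = field(default_factory=list)  # e.g. ["NoAccess", "Locked file"]
    user_action: Optional[str] = None                  # e.g. "Delete"


@dataclass
class ScanReport:
    drivers: Dict[str, DriverEntry] = field(default_factory=dict)  # service name -> entry
    pending_deletions: List[str] = field(default_factory=list)     # paths/keys to go at reboot
    detected_count: Optional[int] = None

    def flagged(self) -> List[DriverEntry]:
        """Drivers that received at least one verdict; the ones a helper looks at first."""
        return [d for d in self.drivers.values() if d.verdicts]


# Message formats as they appear in the posted log (assumed stable, not documented by Kaspersky).
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")
DELETE_RE = re.compile(r"^(.+) - will be deleted after reboot$")
USER_ACTION_RE = re.compile(r"^Locked file\((\S+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


def parse_tdsskiller(text: str) -> ScanReport:
    """Build a ScanReport from TDSSKiller log text; unrecognised lines are ignored."""
    report = ScanReport()
    by_path: Dict[str, DriverEntry] = {}  # lower-cased path -> entry, for the Suspicious line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        d = DRIVER_RE.match(msg)
        if d:
            entry = DriverEntry(d.group(1), d.group(2), d.group(3))
            report.drivers[entry.name] = entry
            by_path[entry.path.lower()] = entry
            continue
        s = SUSPICIOUS_RE.match(msg)
        if s:
            entry = by_path.get(s.group(2).lower())
            if entry is not None:
                entry.verdicts.append(s.group(1))  # e.g. "NoAccess"
            continue
        t = DETECTED_RE.match(msg)
        if t:
            entry = report.drivers.get(t.group(1))
            if entry is not None:
                entry.verdicts.append(t.group(2))  # e.g. "Locked file"
            continue
        u = USER_ACTION_RE.match(msg)
        if u:
            entry = report.drivers.get(u.group(1))
            if entry is not None:
                entry.user_action = u.group(2)
            continue
        x = DELETE_RE.match(msg)
        if x:
            report.pending_deletions.append(x.group(1))
            continue
        c = COUNT_RE.match(msg)
        if c:
            report.detected_count = int(c.group(1))


    return report


def triage_lines(report: ScanReport) -> List[str]:
    """One line per flagged driver, in the shape a helper would quote back in a reply."""
    return [
        f"{d.name}: {d.path} md5={d.md5} verdicts={','.join(d.verdicts)} action={d.user_action}"
        for d in report.flagged()
    ]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers, {rep.detected_count} detected")
    for line in triage_lines(rep):
        print(line)
    for item in rep.pending_deletions:
        print("pending deletion:", item)
```

Note that a "Locked file" / "NoAccess" verdict records that the tool could not read the file; it is a reason to look closer at that entry, not in itself a detection of malware, which is why the parser keeps the verdict text separate from the user's chosen action.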

cosinus 18.04.2011 17:27

Then please run CF now:

ComboFix

A guide and tutorial for using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Run cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

A22 18.04.2011 18:26

Combofix Logfile:
Code:

ComboFix 11-04-17.03 - *** 18.04.2011  19:14:47.2.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3061.1949 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\Cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-18 bis 2011-04-18  ))))))))))))))))))))))))))))))
.
.
2011-04-18 17:21 . 2011-04-18 17:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-18 17:03 . 2011-04-18 17:03        --------        d-----w-        c:\program files\CCleaner
2011-04-18 16:36 . 2011-04-18 16:48        --------        d-----w-        C:\Cofi
2011-04-18 15:35 . 2011-04-18 15:35        --------        d-----w-        C:\_OTL
2011-04-18 13:27 . 2011-04-18 13:27        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2011-04-18 13:27 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 13:27 . 2011-04-18 13:27        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-18 13:27 . 2011-04-18 13:27        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-18 13:27 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-15 19:42 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5963DEC-1C80-4408-B82D-C8ED1D48C0A7}\mpengine.dll
2011-04-13 21:46 . 2011-02-23 05:05        309760        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-04-13 21:46 . 2011-02-23 05:06        311296        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-04-13 21:46 . 2011-02-23 05:05        113664        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-04-13 21:46 . 2011-02-18 05:36        428032        ----a-w-        c:\windows\system32\vbscript.dll
2011-04-12 22:06 . 2011-04-12 22:06        --------        d-----w-        c:\users\***\AppData\Local\DDMSettings
2011-04-05 15:20 . 2011-04-05 15:20        --------        d-----w-        c:\program files\ConvertHelper
2011-04-03 22:36 . 2011-04-03 22:36        --------        d-----w-        c:\users\***\AppData\Local\Apple Computer
2011-04-03 22:35 . 2011-04-03 22:35        --------        d-----w-        c:\users\***\AppData\Roaming\Apple Computer
2011-04-01 14:19 . 2011-04-01 14:19        --------        d-----w-        c:\users\***\AppData\Local\Cisco
2011-04-01 14:18 . 2011-04-01 14:18        --------        d-----w-        c:\program files\Cisco
2011-04-01 14:18 . 2011-04-01 14:18        --------        d-----w-        c:\programdata\Cisco
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 16:12 . 2010-06-19 21:35        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 18:22        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 18:22        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 18:22        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-11 15:45 . 2011-02-11 15:45        8952        ----a-w-        c:\windows\system32\vpncategories.dll
2011-02-11 15:44 . 2011-02-11 15:44        28920        ----a-w-        c:\windows\system32\vpnevents.dll
2011-02-11 15:27 . 2011-02-11 15:27        19680        ----a-w-        c:\windows\system32\drivers\vpnva.sys
2011-02-03 05:45 . 2011-02-09 23:00        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-06-19 21:49        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-08-07 00:09 . 2010-08-07 00:09        6        ----a-w-        c:\program files\Common Files\UnInstallCompleted.tmp
2010-06-22 08:35 . 2010-06-22 08:35        138304        ----a-w-        c:\program files\Common Files\osdinst.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
"fsn"="c:\program files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe" [2010-06-22 137792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-8 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-29 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-07-28 13224]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-25 125824]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Giraffic;Giraffic Video Accelerator;c:\program files\Giraffic\GirafficWatchdog.exe [2011-04-12 2316432]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-28 27632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-29 22:27]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-29 22:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1wcky341.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Free Hide IP: support@free-hideip.com - %profile%\extensions\support@free-hideip.com
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4296)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Zeit der Fertigstellung: 2011-04-18  19:23:14
ComboFix-quarantined-files.txt  2011-04-18 17:23
ComboFix2.txt  2011-04-18 16:48
.
Vor Suchlauf: 14 Verzeichnis(se), 57.532.354.560 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 57.475.026.944 Bytes frei
.
- - End Of File - - 307B4D811C9925258C334BB1A5589B49

--- --- ---

cosinus 18.04.2011 18:39

Ok. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file on the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of the .txt document.

A22 18.04.2011 19:08

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:05:45 on 18.04.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"mbr" (mbr) - ? - C:\Cofi9001C\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} "Windows Live Hotmail Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldde-de.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"VeohPlugin" - "Veoh Networks" - "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APLangApp" - "DoctorSoft" - "C:\Program Files\AnyPC Client\APLangApp.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Eraser" - "The Eraser Project" - "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
"fsn" - ? - C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PDVD8LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl8" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
"UpdatePPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
"UpdatePSTShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Giraffic Video Accelerator" (Giraffic) - "Giraffic" - C:\Program Files\Giraffic\GirafficWatchdog.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

A22 18.04.2011 19:11

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R530/R730/P590
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 196):
0x8364A000 \SystemRoot\system32\ntkrnlpa.exe
0x83613000 \SystemRoot\system32\halmacpi.dll
0x80BBE000 \SystemRoot\system32\kdcom.dll
0x8B835000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8B8AD000 \SystemRoot\system32\PSHED.dll
0x8B8BE000 \SystemRoot\system32\BOOTVID.dll
0x8B8C6000 \SystemRoot\system32\CLFS.SYS
0x8B908000 \SystemRoot\system32\CI.dll
0x8B9B3000 \SystemRoot\system32\drivers\klmdb.sys
0x8BA29000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BA9A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BAA8000 \SystemRoot\System32\Drivers\sptd.sys
0x8BB9B000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8BBA4000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8BC02000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BC4A000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BC52000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BC5D000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BC87000 \SystemRoot\System32\drivers\partmgr.sys
0x8BC98000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8BCA0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8BCAB000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BCBB000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BD06000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BE17000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8BFCA000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BFD3000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BFF6000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BE0E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8BD1C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BD50000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C001000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C130000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C15B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C16E000 \SystemRoot\System32\Drivers\cng.sys
0x8C1CB000 \SystemRoot\System32\drivers\pcw.sys
0x8C1D9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C20E000 \SystemRoot\system32\drivers\ndis.sys
0x8C2C5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C303000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C328000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C367000 \SystemRoot\System32\Drivers\spldr.sys
0x8C36F000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C39C000 \SystemRoot\System32\Drivers\mup.sys
0x8C3AC000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C3B4000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C3E6000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BD61000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x90800000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9081F000 \SystemRoot\System32\Drivers\Null.SYS
0x90826000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C1E2000 \SystemRoot\System32\drivers\vga.sys
0x8BD86000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C1EE000 \SystemRoot\System32\drivers\watchdog.sys
0x909F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C3F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BDA7000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BDAF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BDBA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90C3D000 \SystemRoot\System32\drivers\tcpip.sys
0x90D86000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90DB7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90DCE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91427000 \SystemRoot\system32\drivers\afd.sys
0x91481000 \SystemRoot\System32\DRIVERS\netbt.sys
0x914B3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x914BA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x914D9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x914EA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x914F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9150B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9151B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91521000 \??\C:\windows\system32\Drivers\SABI.sys
0x91529000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9156A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91574000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9157E000 \SystemRoot\System32\drivers\discache.sys
0x9158A000 \SystemRoot\System32\Drivers\dfsc.sys
0x915A2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x915B0000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x915D6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x93004000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x939FE000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x9223C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x922F3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9232C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9234B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9235A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91E21000 \SystemRoot\system32\DRIVERS\athr.sys
0x91F55000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x91F5F000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x91FB0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91FB4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91FCC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x923A5000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x91FD9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91FDB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91FE8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91E00000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x923DF000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x91E0D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92218000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92223000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90DD9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90C00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91FFA000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x91E1F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BDC8000 \SystemRoot\system32\DRIVERS\ks.sys
0x90C17000 \SystemRoot\system32\DRIVERS\umbus.sys
0x94C24000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x94C68000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94C79000 \SystemRoot\system32\drivers\nvhda32v.sys
0x94C9A000 \SystemRoot\system32\drivers\portcls.sys
0x94CC9000 \SystemRoot\system32\drivers\drmk.sys
0x96017000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x83170000 \SystemRoot\System32\win32k.sys
0x962ED000 \SystemRoot\System32\drivers\Dxapi.sys
0x962F7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9082D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x96304000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x96315000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96320000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x96337000 \SystemRoot\System32\Drivers\usbvideo.sys
0x833D0000 \SystemRoot\System32\TSDDD.dll
0x9635B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x96366000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x96379000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x96380000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x83000000 \SystemRoot\System32\cdd.dll
0x9638B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x963A2000 \SystemRoot\system32\drivers\luafv.sys
0x963BD000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x963D2000 \SystemRoot\system32\drivers\WudfPf.sys
0x963EC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x94CE2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x96000000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x94D28000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x94D3B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x94D65000 \SystemRoot\system32\drivers\HTTP.sys
0x94DEA000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x94C00000 \SystemRoot\system32\DRIVERS\bowser.sys
0x90C25000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8BBCA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8B9C5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CE22000 \??\C:\windows\system32\Drivers\CVPNDRVA.sys
0x9CEB2000 \SystemRoot\system32\drivers\peauth.sys
0x9CF49000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9CF53000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9CF74000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9CF81000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3A13000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3AF0000 \??\C:\windows\system32\Drivers\PROCEXP113.SYS
0xA3AF2000 \??\C:\Users\***\AppData\Local\Temp\catchme.sys
0x77AA0000 \Windows\System32\ntdll.dll
0x484A0000 \Windows\System32\smss.exe
0x77CE0000 \Windows\System32\apisetschema.dll
0x004E0000 \Windows\System32\autochk.exe
0x77C70000 \Windows\System32\shlwapi.dll
0x779D0000 \Windows\System32\msctf.dll
0x77830000 \Windows\System32\setupapi.dll
0x77C20000 \Windows\System32\Wldap32.dll
0x77BF0000 \Windows\System32\imagehlp.dll
0x77760000 \Windows\System32\user32.dll
0x77680000 \Windows\System32\kernel32.dll
0x77520000 \Windows\System32\ole32.dll
0x77480000 \Windows\System32\usp10.dll
0x77BE0000 \Windows\System32\psapi.dll
0x77460000 \Windows\System32\imm32.dll
0x773D0000 \Windows\System32\oleaut32.dll
0x77290000 \Windows\System32\urlmon.dll
0x771E0000 \Windows\System32\rpcrt4.dll
0x77190000 \Windows\System32\gdi32.dll
0x77100000 \Windows\System32\clbcatq.dll
0x77050000 \Windows\System32\msvcrt.dll
0x77040000 \Windows\System32\lpk.dll
0x763F0000 \Windows\System32\shell32.dll
0x763E0000 \Windows\System32\nsi.dll
0x763C0000 \Windows\System32\sechost.dll
0x761C0000 \Windows\System32\iertutil.dll
0x76120000 \Windows\System32\advapi32.dll
0x760C0000 \Windows\System32\difxapi.dll
0x76040000 \Windows\System32\comdlg32.dll
0x76000000 \Windows\System32\ws2_32.dll
0x75F00000 \Windows\System32\wininet.dll
0x75EF0000 \Windows\System32\normaliz.dll
0x75EC0000 \Windows\System32\cfgmgr32.dll
0x75E70000 \Windows\System32\KernelBase.dll
0x75DE0000 \Windows\System32\comctl32.dll
0x75DC0000 \Windows\System32\devobj.dll
0x75CA0000 \Windows\System32\crypt32.dll
0x75C70000 \Windows\System32\wintrust.dll
0x75C60000 \Windows\System32\msasn1.dll

Processes (total 70):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
460 csrss.exe
532 C:\Windows\System32\wininit.exe
540 csrss.exe
592 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\nvvsvc.exe
876 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\winlogon.exe
1212 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1272 C:\Windows\System32\svchost.exe
1540 C:\Windows\System32\spoolsv.exe
1708 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1732 C:\Windows\System32\svchost.exe
1868 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1920 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1932 C:\Windows\System32\nvvsvc.exe
2016 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2024 C:\Windows\System32\conhost.exe
504 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
372 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
1560 C:\Program Files\Giraffic\GirafficWatchdog.exe
892 C:\Program Files\CyberLink\Shared files\RichVideo.exe
1168 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
2132 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2220 C:\Program Files\Giraffic\Giraffic.exe
2516 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2576 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2804 C:\Windows\System32\SearchIndexer.exe
3624 C:\Windows\System32\taskhost.exe
3724 C:\Windows\System32\dwm.exe
3772 C:\Windows\System32\taskeng.exe
3916 C:\Windows\System32\svchost.exe
4032 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
4068 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
1528 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
1512 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3452 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
1108 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
3588 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1548 C:\Program Files\Eraser\Eraser.exe
1416 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2444 C:\Program Files\Winamp\winampa.exe
3660 C:\Program Files\Windows Media Player\wmpnetwk.exe
2644 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2680 C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
344 C:\Windows\System32\StikyNot.exe
1064 C:\Program Files\Windows Sidebar\sidebar.exe
2564 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
4296 C:\Windows\explorer.exe
2928 C:\Program Files\Mozilla Firefox\firefox.exe
2000 C:\Windows\System32\audiodg.exe
3260 C:\Windows\System32\SearchProtocolHost.exe
5236 C:\Windows\System32\taskhost.exe
5896 C:\Program Files\Winamp\winamp.exe
5080 C:\Windows\System32\notepad.exe
5072 C:\Windows\System32\SearchFilterHost.exe
1496 dllhost.exe
5288 dllhost.exe
1948 C:\Users\***\Desktop\MBRCheck.exe
4220 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000028`90300000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10001

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
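
An added example (not from the thread and not MBRCheck's code) of how a defender can triage the "Unknown MBR code" verdict above: parse sector 0, hash only the 440 bytes of loader code (the disk signature and partition table differ on every disk, so a whole-sector hash cannot be compared with a reference), and check that the C: and D: offsets reported above still match the partition table. The sample sector, the known-good hash set and the partition sizes are constructed, and comparing only the loader bytes is an assumption about how such a check should be done, not MBRCheck's documented method.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: loader code, identical on every disk set up by one installer
DISK_SIG_OFF = 440             # 4-byte NT disk signature (per disk), then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries (per disk)
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 must hold this for a valid MBR
ENTRY_FMT = "<B3xB3xII"        # status, CHS start (skipped), type, CHS end (skipped), LBA, count


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR into the pieces a hash comparison must treat differently."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one %d-byte sector" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                      # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        # Only the loader code can be compared with a known-good hash; disk
        # signature and partition table are unique to this machine.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "has_boot_signature": sector[510:] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good_boot_hashes: set) -> str:
    """'known' if the loader code matches a trusted hash, 'unknown' if it does not
    (the verdict reported above), 'invalid' if the 0x55AA signature is missing."""
    info = parse_mbr(sector)
    if not info["has_boot_signature"]:
        return "invalid"
    return "known" if info["boot_code_sha1"] in known_good_boot_hashes else "unknown"


def volume_offset_matches(sector: bytes, byte_offset: int) -> bool:
    """Check that a volume start offset (the 'C: --> PhysicalDrive0 at offset' line)
    corresponds to a partition table entry, i.e. the table has not been rewritten."""
    return any(p["lba_start"] * SECTOR_SIZE == byte_offset
               for p in parse_mbr(sector)["partitions"])


# Constructed sample disk: partition starts equal the C: and D: offsets in the
# MBRCheck output above; the D: size and the disk signature are made up.
C_START = 0x3C6500000 // SECTOR_SIZE
D_START = 0x2890300000 // SECTOR_SIZE
D_SECTORS = 284_877_824          # about 135.8 GB, constructed


def build_sample_mbr(boot_code: bytes) -> bytes:
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1A2B3C4D)      # constructed signature
    entries = [(0x80, 0x07, C_START, D_START - C_START),           # NTFS, bootable (C:)
               (0x00, 0x07, D_START, D_SECTORS)]                   # NTFS (D:)
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, *entry)
    sector[510:] = BOOT_SIGNATURE
    return bytes(sector)


# Stand-in for the loader code a trusted installer writes (constructed bytes, not real code).
GOOD_BOOT_CODE = (bytes(range(256)) * 2)[:BOOT_CODE_LEN]
CLEAN_MBR = build_sample_mbr(GOOD_BOOT_CODE)
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["boot_code_sha1"]}
```

On a live system the 512 bytes would be read from the physical drive with administrator rights; here the sector is built in memory so the check runs offline.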

cosinus 18.04.2011 19:15

GMER didn't work?

A22 18.04.2011 19:17

No, it didn't work.

cosinus 18.04.2011 19:18

As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

A22 18.04.2011 21:06

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6391

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.04.2011 21:45:25
mbam-log-2011-04-18 (21-45-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 289977
Laufzeit: 1 Stunde(n), 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

A22 18.04.2011 21:19

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 04/18/2011 at 10:11 PM

Application Version : 4.50.1002

Core Rules Database Version : 6865
Trace Rules Database Version: 4677

Scan type : Quick Scan
Total Scan Time : 00:13:23

Memory items scanned : 750
Memory threats detected : 0
Registry items scanned : 2698
Registry threats detected : 0
File items scanned : 8900
File threats detected : 1

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atdmt.combing[2].txt

cosinus 18.04.2011 21:38

Quote:

Scan type : Quick Scan
You should run a full scan with SASW!

A22 18.04.2011 22:29

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 04/18/2011 bei 11:24 PM

Version der Applikation : 4.50.1002

Version der Kern-Datenbank : 6865
Version der Spur-Datenbank : 4677

Scan Art : kompletter Scann
Totale Scann-Zeit : 00:44:45

Gescannte Speicherelemente : 784
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 10513
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 27411
Erfasste Datei-Elemente : 0

cosinus 19.04.2011 10:45

OK. Any problems still open?

A22 19.04.2011 12:25

No, it's running again!

Thank you very much for your help!!! :D

cosinus 19.04.2011 19:55

Then we're done! :abklatsch:

Finally, please check the updates; my guide on that is below.
For even more security, after the infection has been removed you should also change all your passwords if at all possible.


Microsoft Update

Windows XP: visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is current; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

