Dauert sehr lange bis sich mein Internetbrowser öffnet

masi76 · 05.02.2011, 06:24

Code:

ATTFilter

All processes killed
========== OTL ==========
Service stllssvr stopped successfully!
Service stllssvr deleted successfully!
File   File not found not found.
Service AddFiltr stopped successfully!
Service AddFiltr deleted successfully!
File   File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\D3dtwain deleted successfully.
C:\Users\Markus\AppData\Roaming\D3dvis\txttab.exe moved successfully.
C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Markus
->Temp folder emptied: 204991797 bytes
->Temporary Internet Files folder emptied: 55719528 bytes
->Java cache emptied: 146932 bytes
->FireFox cache emptied: 52507771 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 14896 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10632152 bytes
RecycleBin emptied: 1126 bytes
 
Total Files Cleaned = 309.00 mb
 
 
OTL by OldTimer - Version 3.2.20.6 log created on 02052011_061122

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000273151828696D42878 not found!

Registry entries deleted on Reboot...

cosinus · 06.02.2011, 19:56

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

masi76 · 08.02.2011, 06:28

Hi Arne, hie das combofix-logfile. Kurze Anmerkung, mein AntiVir-Guard
(das Schirmchen) lässt sich immer noch nicht aktivieren bzw. öffnen.
Bin momentan also nur sicherheitshalber auf meiner gmx- und der trojaner-
board-seite.

Code:

ATTFilter

ComboFix 11-02-06.02 - Markus 07/02/2011  19:16:16.3.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1013.227 [GMT 1:00]
Running from: c:\users\Markus\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2011-01-07 to 2011-02-07  )))))))))))))))))))))))))))))))
.

2011-02-07 18:31 . 2011-02-07 18:31	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-02-07 18:31 . 2011-02-07 18:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-07 18:10 . 2011-02-07 18:11	--------	d-----w-	C:\32788R22FWJFW
2011-02-05 04:56 . 2011-02-05 04:56	--------	d-----w-	C:\_OTL
2011-02-04 06:22 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{093EF4AE-5790-4D29-853A-9F1A7E6D9173}\mpengine.dll
2011-02-02 16:15 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-02 16:15 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-02-02 16:15 . 2011-02-02 20:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-31 20:03 . 2011-01-31 20:03	--------	d-----w-	c:\users\Markus\AppData\Roaming\Uniblue
2011-01-31 20:02 . 2011-01-31 20:02	--------	d-----w-	c:\program files\Uniblue
2011-01-31 20:02 . 2011-01-31 20:02	--------	d-----w-	c:\users\Markus\AppData\Local\PackageAware
2011-01-30 16:58 . 2011-01-30 17:08	--------	d-----w-	c:\programdata\REPORTS
2011-01-30 16:58 . 2011-01-30 17:02	--------	d-----w-	c:\programdata\LOGFILES
2011-01-30 16:58 . 2011-01-30 16:58	--------	d-----w-	c:\programdata\INFECTED
2011-01-28 05:57 . 2011-02-05 05:11	--------	d-----w-	c:\users\Markus\AppData\Roaming\D3dvis
2011-01-12 19:33 . 2010-12-28 15:55	413696	----a-w-	c:\windows\system32\odbc32.dll
2011-01-12 19:33 . 2010-12-28 15:53	253952	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 19:33 . 2010-12-28 15:53	241664	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 19:33 . 2010-12-28 15:53	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 19:33 . 2010-12-28 15:53	57344	----a-w-	c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 19:33 . 2010-12-28 15:53	180224	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 19:33 . 2010-12-14 14:49	1169408	----a-w-	c:\windows\system32\sdclt.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 21:39 . 2009-03-19 07:26	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-11-23 09:51 . 2009-03-19 07:26	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-22 08:31 . 2010-11-22 08:31	94848	----a-w-	C:\uwldapow.sys
2010-11-12 17:53 . 2010-11-23 13:33	472808	----a-w-	c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-31 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-09 135336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9deaa14fed3cc;Google Update Service (gupdate1c9deaa14fed3cc);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 133104]
R3 iatmunin;iatmunin;c:\users\Pim\AppData\Local\Temp\iatmunin.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-30 10:30]

2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 09:02]

2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 09:02]

2011-02-07 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]

2011-02-07 c:\windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
mSearchMigratedDefaultURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
AddRemove-CCleaner - c:\users\Markus\Desktop\CCleaner\uninst.exe
AddRemove-Uniblue RegistryBooster - c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}\rbia.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}\rbia.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-07 19:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


c:\users\Markus\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-07  19:40:48
ComboFix-quarantined-files.txt  2011-02-07 18:40

Pre-Run: 33,958,313,984 bytes free
Post-Run: 33,824,866,304 bytes free

- - End Of File - - 7E79A352BB2851A829F754205BA18CF0

cosinus · 08.02.2011, 09:32

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

File::
c:\users\Pim\AppData\Local\Temp\iatmunin.sys

Driver::
iatmunin

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

masi76 · 08.02.2011, 20:13

Code:

ATTFilter

ComboFix 11-02-07.05 - Markus 08/02/2011  16:54:09.4.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1013.353 [GMT 1:00]
Running from: c:\users\Markus\Desktop\ComboFix.exe
Command switches used :: c:\users\Markus\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\Pim\AppData\Local\Temp\iatmunin.sys"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IATMUNIN
-------\Service_iatmunin


(((((((((((((((((((((((((   Files Created from 2011-01-08 to 2011-02-08  )))))))))))))))))))))))))))))))
.

2011-02-08 16:09 . 2011-02-08 16:09	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-02-08 16:09 . 2011-02-08 16:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-05 04:56 . 2011-02-05 04:56	--------	d-----w-	C:\_OTL
2011-02-04 06:22 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{093EF4AE-5790-4D29-853A-9F1A7E6D9173}\mpengine.dll
2011-02-02 16:15 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-02 16:15 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-02-02 16:15 . 2011-02-02 20:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-31 20:03 . 2011-01-31 20:03	--------	d-----w-	c:\users\Markus\AppData\Roaming\Uniblue
2011-01-31 20:02 . 2011-01-31 20:02	--------	d-----w-	c:\program files\Uniblue
2011-01-31 20:02 . 2011-01-31 20:02	--------	d-----w-	c:\users\Markus\AppData\Local\PackageAware
2011-01-30 16:58 . 2011-01-30 17:08	--------	d-----w-	c:\programdata\REPORTS
2011-01-30 16:58 . 2011-01-30 17:02	--------	d-----w-	c:\programdata\LOGFILES
2011-01-30 16:58 . 2011-01-30 16:58	--------	d-----w-	c:\programdata\INFECTED
2011-01-28 05:57 . 2011-02-05 05:11	--------	d-----w-	c:\users\Markus\AppData\Roaming\D3dvis
2011-01-12 19:33 . 2010-12-28 15:55	413696	----a-w-	c:\windows\system32\odbc32.dll
2011-01-12 19:33 . 2010-12-28 15:53	253952	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 19:33 . 2010-12-28 15:53	241664	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 19:33 . 2010-12-28 15:53	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 19:33 . 2010-12-28 15:53	57344	----a-w-	c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 19:33 . 2010-12-28 15:53	180224	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 19:33 . 2010-12-14 14:49	1169408	----a-w-	c:\windows\system32\sdclt.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 21:39 . 2009-03-19 07:26	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-11-23 09:51 . 2009-03-19 07:26	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-22 08:31 . 2010-11-22 08:31	94848	----a-w-	C:\uwldapow.sys
2010-11-12 17:53 . 2010-11-23 13:33	472808	----a-w-	c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-31 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-09 135336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9deaa14fed3cc;Google Update Service (gupdate1c9deaa14fed3cc);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-30 10:30]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 09:02]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 09:02]

2011-02-08 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]

2011-02-08 c:\windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
mSearchMigratedDefaultURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-08 19:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-02-08  19:54:40 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-08 18:54
ComboFix2.txt  2011-02-07 18:40

Pre-Run: 32,949,858,304 bytes free
Post-Run: 33,356,500,992 bytes free

- - End Of File - - FFE246CDE9B03FD88AD439F43F55922F

masi76 · 22.02.2011, 07:53

Hi Arne,
hab gestern abend nochmal drübergeschaut,
bis jetzt keinen offensichtlichen Ausführungsfehler
gefunden.
Ich schau es mir aber heut abend nochmals an.

Bis dann.

masi76 · 23.02.2011, 19:40

Code:

ATTFilter

2011/02/23 19:29:27.0639 2272	TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/23 19:29:28.0060 2272	================================================================================
2011/02/23 19:29:28.0060 2272	SystemInfo:
2011/02/23 19:29:28.0060 2272	
2011/02/23 19:29:28.0060 2272	OS Version: 6.0.6002 ServicePack: 2.0
2011/02/23 19:29:28.0060 2272	Product type: Workstation
2011/02/23 19:29:28.0060 2272	ComputerName: PIM-PC
2011/02/23 19:29:28.0060 2272	UserName: Markus
2011/02/23 19:29:28.0060 2272	Windows directory: C:\Windows
2011/02/23 19:29:28.0060 2272	System windows directory: C:\Windows
2011/02/23 19:29:28.0060 2272	Processor architecture: Intel x86
2011/02/23 19:29:28.0060 2272	Number of processors: 1
2011/02/23 19:29:28.0060 2272	Page size: 0x1000
2011/02/23 19:29:28.0060 2272	Boot type: Normal boot
2011/02/23 19:29:28.0060 2272	================================================================================
2011/02/23 19:29:28.0824 2272	Initialize success
2011/02/23 19:29:36.0297 3768	================================================================================
2011/02/23 19:29:36.0297 3768	Scan started
2011/02/23 19:29:36.0297 3768	Mode: Manual; 
2011/02/23 19:29:36.0297 3768	================================================================================
2011/02/23 19:29:37.0654 3768	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/23 19:29:38.0013 3768	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/23 19:29:38.0200 3768	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/23 19:29:38.0325 3768	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/23 19:29:38.0418 3768	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/23 19:29:38.0590 3768	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/23 19:29:38.0839 3768	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/02/23 19:29:39.0042 3768	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/23 19:29:39.0276 3768	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/23 19:29:39.0510 3768	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/23 19:29:39.0682 3768	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/23 19:29:39.0822 3768	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/23 19:29:39.0978 3768	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/23 19:29:40.0555 3768	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/23 19:29:40.0743 3768	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/23 19:29:41.0039 3768	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/23 19:29:41.0211 3768	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/23 19:29:41.0507 3768	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/23 19:29:41.0788 3768	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/02/23 19:29:42.0022 3768	avipbb          (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/02/23 19:29:42.0287 3768	BCM43XV         (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/02/23 19:29:42.0443 3768	BCM43XX         (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/02/23 19:29:42.0615 3768	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/23 19:29:42.0927 3768	bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/23 19:29:43.0161 3768	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/23 19:29:43.0285 3768	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/23 19:29:43.0473 3768	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/23 19:29:43.0566 3768	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/23 19:29:43.0691 3768	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/23 19:29:43.0785 3768	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/23 19:29:44.0019 3768	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/02/23 19:29:44.0175 3768	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/23 19:29:44.0409 3768	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/02/23 19:29:44.0674 3768	BTHPORT         (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/02/23 19:29:44.0923 3768	BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/02/23 19:29:45.0282 3768	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/23 19:29:45.0485 3768	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/23 19:29:45.0657 3768	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/23 19:29:45.0828 3768	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/23 19:29:46.0125 3768	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/23 19:29:46.0296 3768	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/23 19:29:46.0437 3768	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/23 19:29:46.0593 3768	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/23 19:29:46.0702 3768	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/23 19:29:46.0951 3768	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/23 19:29:47.0232 3768	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/23 19:29:47.0497 3768	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/23 19:29:47.0685 3768	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/23 19:29:47.0887 3768	E100B           (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/02/23 19:29:48.0043 3768	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/23 19:29:48.0168 3768	eabfiltr        (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
2011/02/23 19:29:48.0418 3768	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/23 19:29:48.0683 3768	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/23 19:29:49.0011 3768	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/23 19:29:49.0135 3768	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/23 19:29:49.0276 3768	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/23 19:29:49.0479 3768	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/23 19:29:49.0619 3768	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/23 19:29:49.0744 3768	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/23 19:29:49.0884 3768	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/23 19:29:50.0227 3768	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/23 19:29:50.0368 3768	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/23 19:29:50.0571 3768	GEARAspiWDM     (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/02/23 19:29:50.0867 3768	HBtnKey         (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/02/23 19:29:51.0054 3768	HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
2011/02/23 19:29:51.0241 3768	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/23 19:29:51.0429 3768	HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/23 19:29:51.0569 3768	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/23 19:29:51.0787 3768	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/23 19:29:52.0021 3768	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/23 19:29:52.0302 3768	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/02/23 19:29:52.0489 3768	HSF_DPV         (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/02/23 19:29:52.0708 3768	HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/02/23 19:29:52.0911 3768	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/02/23 19:29:53.0145 3768	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/23 19:29:53.0332 3768	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/23 19:29:53.0628 3768	ialm            (0215e1204d5410e50a5ea9d442fe7da3) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/02/23 19:29:53.0878 3768	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/23 19:29:54.0205 3768	igfx            (0215e1204d5410e50a5ea9d442fe7da3) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/02/23 19:29:54.0346 3768	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/23 19:29:54.0533 3768	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/02/23 19:29:54.0673 3768	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/23 19:29:54.0861 3768	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/23 19:29:55.0157 3768	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/23 19:29:55.0297 3768	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/23 19:29:55.0469 3768	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/23 19:29:55.0578 3768	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/02/23 19:29:55.0703 3768	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/23 19:29:55.0828 3768	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/23 19:29:55.0921 3768	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/23 19:29:56.0046 3768	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/23 19:29:56.0187 3768	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/23 19:29:56.0452 3768	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/23 19:29:56.0764 3768	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/23 19:29:56.0967 3768	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/23 19:29:57.0076 3768	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/23 19:29:57.0201 3768	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/23 19:29:57.0357 3768	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/23 19:29:57.0497 3768	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/02/23 19:29:57.0637 3768	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/23 19:29:57.0793 3768	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/23 19:29:57.0949 3768	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/23 19:29:58.0074 3768	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/23 19:29:58.0215 3768	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/23 19:29:58.0339 3768	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/23 19:29:58.0495 3768	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/23 19:29:58.0620 3768	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/23 19:29:58.0792 3768	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/23 19:29:58.0901 3768	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/23 19:29:59.0026 3768	mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/23 19:29:59.0151 3768	mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/23 19:29:59.0307 3768	mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/23 19:29:59.0525 3768	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/02/23 19:29:59.0697 3768	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/23 19:29:59.0931 3768	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/23 19:30:00.0087 3768	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/23 19:30:00.0352 3768	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/23 19:30:00.0492 3768	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/23 19:30:00.0679 3768	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/23 19:30:00.0882 3768	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/23 19:30:01.0069 3768	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/23 19:30:01.0225 3768	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/23 19:30:01.0413 3768	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/23 19:30:01.0631 3768	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/23 19:30:01.0834 3768	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/23 19:30:02.0052 3768	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/23 19:30:02.0224 3768	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/23 19:30:02.0349 3768	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/23 19:30:02.0551 3768	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/23 19:30:02.0817 3768	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/23 19:30:02.0988 3768	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/23 19:30:03.0191 3768	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/23 19:30:03.0378 3768	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/23 19:30:03.0550 3768	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/23 19:30:03.0784 3768	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/23 19:30:04.0049 3768	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/23 19:30:04.0189 3768	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/23 19:30:04.0299 3768	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/23 19:30:04.0408 3768	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/02/23 19:30:04.0517 3768	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/23 19:30:04.0829 3768	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/02/23 19:30:05.0188 3768	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/23 19:30:05.0328 3768	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/23 19:30:05.0453 3768	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/23 19:30:05.0609 3768	pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/02/23 19:30:05.0765 3768	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/23 19:30:05.0874 3768	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/02/23 19:30:06.0015 3768	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/23 19:30:06.0155 3768	pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/02/23 19:30:06.0436 3768	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/23 19:30:06.0951 3768	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/23 19:30:07.0075 3768	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/23 19:30:07.0325 3768	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/23 19:30:07.0465 3768	PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/23 19:30:07.0653 3768	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/23 19:30:07.0855 3768	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/23 19:30:08.0074 3768	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/23 19:30:08.0199 3768	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/23 19:30:08.0370 3768	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/23 19:30:08.0542 3768	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/23 19:30:08.0635 3768	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/23 19:30:08.0776 3768	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/23 19:30:08.0932 3768	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/23 19:30:09.0072 3768	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/02/23 19:30:09.0244 3768	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/23 19:30:09.0384 3768	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/23 19:30:09.0603 3768	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/02/23 19:30:09.0821 3768	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/23 19:30:09.0961 3768	RTL8023xp       (dda0d5842335e78e375e96c308858a61) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/02/23 19:30:10.0117 3768	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/23 19:30:10.0351 3768	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/23 19:30:10.0507 3768	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/23 19:30:10.0585 3768	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/23 19:30:10.0710 3768	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/23 19:30:11.0038 3768	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/02/23 19:30:11.0178 3768	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/23 19:30:11.0303 3768	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/23 19:30:11.0475 3768	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/23 19:30:11.0631 3768	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/02/23 19:30:11.0755 3768	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/02/23 19:30:11.0865 3768	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/02/23 19:30:12.0067 3768	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/23 19:30:12.0286 3768	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/23 19:30:12.0473 3768	srv             (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/23 19:30:12.0598 3768	srv2            (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/23 19:30:12.0723 3768	srvnet          (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/23 19:30:12.0894 3768	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/02/23 19:30:13.0035 3768	StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/02/23 19:30:13.0253 3768	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/23 19:30:13.0440 3768	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/23 19:30:13.0596 3768	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/23 19:30:13.0705 3768	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/23 19:30:13.0955 3768	SynTP           (81cf7aa63bb3cca31e1d1944c0a45fc7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/02/23 19:30:14.0267 3768	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/23 19:30:14.0439 3768	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/23 19:30:14.0579 3768	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/23 19:30:14.0719 3768	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/23 19:30:14.0844 3768	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/23 19:30:14.0985 3768	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/23 19:30:15.0156 3768	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/23 19:30:15.0468 3768	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/23 19:30:15.0609 3768	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/23 19:30:15.0796 3768	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/23 19:30:15.0983 3768	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/02/23 19:30:16.0108 3768	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/23 19:30:16.0404 3768	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/23 19:30:16.0513 3768	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/02/23 19:30:16.0669 3768	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/23 19:30:16.0794 3768	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/23 19:30:16.0981 3768	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/23 19:30:17.0387 3768	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/02/23 19:30:17.0559 3768	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/23 19:30:17.0699 3768	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/23 19:30:17.0902 3768	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/23 19:30:18.0089 3768	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/23 19:30:18.0214 3768	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/23 19:30:18.0370 3768	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/23 19:30:18.0526 3768	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/23 19:30:18.0682 3768	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/23 19:30:18.0822 3768	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/23 19:30:19.0041 3768	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/23 19:30:19.0165 3768	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/23 19:30:19.0306 3768	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/02/23 19:30:19.0399 3768	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/23 19:30:19.0524 3768	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/02/23 19:30:19.0633 3768	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/23 19:30:19.0774 3768	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/23 19:30:19.0930 3768	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/23 19:30:20.0070 3768	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/23 19:30:20.0289 3768	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/23 19:30:20.0445 3768	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/23 19:30:20.0523 3768	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/23 19:30:20.0710 3768	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/23 19:30:20.0881 3768	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/23 19:30:21.0256 3768	winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/02/23 19:30:21.0708 3768	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/23 19:30:22.0051 3768	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/23 19:30:22.0270 3768	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/23 19:30:22.0566 3768	XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/02/23 19:30:22.0925 3768	================================================================================
2011/02/23 19:30:22.0925 3768	Scan finished
2011/02/23 19:30:22.0925 3768	================================================================================

cosinus · 08.02.2011, 20:26

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur einige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

masi76 · 09.02.2011, 17:17

Hi Arne,
hattest Recht, GMER ist zweimal abgeschmiert.
Nun zu diesem ominösen OSAM, wenn ich es
von dem vorgegebenen link runterladen möchte,
dann in Verbindung mit dem Windows Media Player...

Kann dass denn sein oder bin ich mal wieder einfach
nur zu doof???

Gruss masi76

cosinus · 10.02.2011, 10:24

Nimm diesen Ersatzlink für OSAM => File-Upload.net - osam.zip

masi76 · 10.02.2011, 19:36

Hi Arne,

der Download soweit so gut...

Und dann...???

Zip hin Zip her...

Bin kurz davor mein Laptob aus dem Fenster zu werfen,
das einzige was mir noch Hoffnung gibt, habe mit Euch
schon schwierigere Dinge bewältigt...

cosinus · 10.02.2011, 20:14

Ich versteh nicht, welches Problem du hast.

masi76 · 11.02.2011, 06:59

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 06:57:49 on 11.02.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{6872d785-fe43-44cb-9b2a-2df4c5eb13b2} "HotShellExt" - ? - C:\Program Files\eFax Messenger 4.3\J2GShell.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"PDFill PDF Editor" - "PlotSoft LLC" - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{98889811-442D-49dd-99D7-DC866BE87DBC} "Babylon Toolbar" - "Babylon Ltd." - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.14\BabylonToolbarTlbr.dll
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} "facemoods Toolbar" - "facemoods.com" - C:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{2EECD738-5844-4a99-B4B6-146BF802613B} "CescrtHlpr Object" - "Babylon BHO" - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.14\bh\BabylonToolbar.dll
{64182481-4F71-486b-A045-B233BD0DA8FC} "CescrtHlpr Object" - "facemoods.com BHO" - C:\Program Files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - c:\program files\google\googletoolbar2.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BabylonToolbar" - "Babylon Ltd." - "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.14\BabylonToolbarsrv.exe" /md I
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"facemoods" - "facemoods.com" - "C:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe" /md I
"HP Health Check Scheduler" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Messenger\SweetIM.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CUSTPDF Writer Monitor" - ? - C:\Windows\system32\custmon2k.dll  (File found, but it contains no detailed information)
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll
"Redmon" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9deaa14fed3cc)" (gupdate1c9deaa14fed3cc) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

masi76 · 11.02.2011, 07:03

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Hewlett-Packard
BIOS Manufacturer:		Hewlett-Packard
System Manufacturer:		Hewlett-Packard
System Product Name:		Presario C500 (RT154EA#ABU)
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 148):
  0x82200000 \SystemRoot\system32\ntkrnlpa.exe
  0x825BA000 \SystemRoot\system32\hal.dll
  0x80401000 \SystemRoot\system32\kdcom.dll
  0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80478000 \SystemRoot\system32\PSHED.dll
  0x80489000 \SystemRoot\system32\BOOTVID.dll
  0x80491000 \SystemRoot\system32\CLFS.SYS
  0x804D2000 \SystemRoot\system32\CI.dll
  0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80691000 \SystemRoot\system32\drivers\acpi.sys
  0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E8000 \SystemRoot\system32\drivers\pci.sys
  0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
  0x8071E000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80721000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8072B000 \SystemRoot\system32\drivers\volmgr.sys
  0x8073A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80784000 \SystemRoot\system32\drivers\intelide.sys
  0x8078B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x80799000 \SystemRoot\System32\drivers\mountmgr.sys
  0x807A9000 \SystemRoot\system32\drivers\atapi.sys
  0x807B1000 \SystemRoot\system32\drivers\ataport.SYS
  0x807CF000 \SystemRoot\system32\drivers\msahci.sys
  0x805B2000 \SystemRoot\system32\drivers\fltmgr.sys
  0x807D9000 \SystemRoot\system32\drivers\fileinfo.sys
  0x807E9000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x82C01000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82C72000 \SystemRoot\system32\drivers\ndis.sys
  0x82D7D000 \SystemRoot\system32\drivers\msrpc.sys
  0x82DA8000 \SystemRoot\system32\drivers\NETIO.SYS
  0x82E0A000 \SystemRoot\System32\drivers\tcpip.sys
  0x82EF4000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x86404000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x86514000 \SystemRoot\system32\drivers\volsnap.sys
  0x8654D000 \SystemRoot\System32\Drivers\spldr.sys
  0x86555000 \SystemRoot\System32\Drivers\mup.sys
  0x86564000 \SystemRoot\System32\drivers\ecache.sys
  0x8658B000 \SystemRoot\system32\drivers\disk.sys
  0x8659C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x865BD000 \SystemRoot\system32\drivers\crcdisk.sys
  0x865E8000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x865F3000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x82F0F000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x865FC000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
  0x82F1E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x82F2E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x82F35000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x89E0E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8A4BC000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8A55C000 \SystemRoot\System32\drivers\watchdog.sys
  0x8A568000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x82F3E000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
  0x8A5F5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8A606000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8A644000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8A653000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
  0x8A664000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8A668000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8A67B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A686000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8A6B1000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8A6B3000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8A6BE000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8A6D6000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0x8A6D9000 \SystemRoot\system32\DRIVERS\serscan.sys
  0x8A6E1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8A710000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8A751000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8A75C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8A773000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8A77E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8A7A1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8A7B0000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8A7C4000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8A7D9000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8A7E9000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x82FC4000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8A7EB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x89E00000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8A7F5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8AA09000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8AA3E000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8AA4F000 \SystemRoot\system32\drivers\CHDART.sys
  0x8AA78000 \SystemRoot\system32\drivers\portcls.sys
  0x8AAA5000 \SystemRoot\system32\drivers\drmk.sys
  0x8AACA000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8AE0B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8AF0E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8AFC2000 \SystemRoot\system32\drivers\modem.sys
  0x8AFCF000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8AFD8000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8AFE0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8AFE9000 \SystemRoot\System32\Drivers\Null.SYS
  0x8AFF0000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8AB07000 \SystemRoot\System32\drivers\vga.sys
  0x8AB13000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8AFF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8AE00000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8AB34000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8AB3F000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8AB4D000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8AB56000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8AB6C000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8AB80000 \SystemRoot\system32\drivers\afd.sys
  0x8ABC8000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x82DE3000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x82FEE000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x805E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8ABFA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8B206000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8B242000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8B24C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8B263000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8B289000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8B28B000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8B298000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8B2A3000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x92C70000 \SystemRoot\System32\win32k.sys
  0x8B2AD000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8B2B7000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x92E90000 \SystemRoot\System32\TSDDD.dll
  0x92EB0000 \SystemRoot\System32\cdd.dll
  0x8B2C6000 \SystemRoot\system32\drivers\luafv.sys
  0x8B2E1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x8B2FE000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8B30E000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8B338000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8B342000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA6406000 \SystemRoot\system32\drivers\spsys.sys
  0xA64B6000 \SystemRoot\system32\drivers\HTTP.sys
  0xA6523000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA6540000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA6559000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA656E000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA658F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA65AE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA65E7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x8B355000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x8B37D000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA6400000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xAB40E000 \SystemRoot\system32\drivers\peauth.sys
  0xAB4EC000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAB4F6000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAB502000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xAB50A000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77250000 \Windows\System32\ntdll.dll

Processes (total 62):
       0 System Idle Process
       4 System
     380 C:\Windows\System32\smss.exe
     432 csrss.exe
     484 C:\Windows\System32\wininit.exe
     492 csrss.exe
     540 C:\Windows\System32\winlogon.exe
     560 C:\Windows\System32\services.exe
     576 C:\Windows\System32\lsass.exe
     584 C:\Windows\System32\lsm.exe
     748 C:\Windows\System32\svchost.exe
     816 C:\Windows\System32\svchost.exe
     852 C:\Windows\System32\svchost.exe
     940 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\audiodg.exe
    1124 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\SLsvc.exe
    1172 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\svchost.exe
    1560 C:\Windows\System32\LEXBCES.EXE
    1604 C:\Windows\System32\spoolsv.exe
    1612 C:\Windows\System32\LEXPPS.EXE
    1688 C:\Windows\System32\svchost.exe
    1968 C:\Windows\System32\dwm.exe
    2008 C:\Windows\explorer.exe
    2020 C:\Windows\System32\taskeng.exe
     404 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     420 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     480 C:\Windows\System32\igfxtray.exe
     552 C:\Windows\System32\hkcmd.exe
     372 C:\Windows\System32\igfxpers.exe
     920 C:\Program Files\iTunes\iTunesHelper.exe
    1060 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1136 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     744 C:\Windows\System32\svchost.exe
    1296 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
     624 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    1696 C:\Program Files\Common Files\Java\Java Update\jusched.exe
     980 C:\Program Files\SweetIM\Messenger\SweetIM.exe
    1436 C:\Program Files\Windows Sidebar\sidebar.exe
     448 C:\Windows\ehome\ehtray.exe
    2116 C:\Windows\System32\svchost.exe
    2156 C:\Windows\System32\svchost.exe
    2188 C:\Windows\System32\svchost.exe
    2240 C:\Windows\System32\svchost.exe
    2300 C:\Windows\System32\svchost.exe
    2360 C:\Windows\System32\SearchIndexer.exe
    2436 C:\Windows\System32\drivers\XAudio.exe
    2456 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    2928 C:\Windows\System32\taskeng.exe
    2960 C:\Windows\System32\taskeng.exe
    2968 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    3380 C:\Windows\ehome\ehmsas.exe
    3768 C:\Program Files\iPod\bin\iPodService.exe
    3968 C:\Windows\System32\svchost.exe
    1944 C:\Program Files\Mozilla Firefox\firefox.exe
    3248 C:\Windows\System32\SearchProtocolHost.exe
    3364 C:\Windows\System32\SearchFilterHost.exe
    2568 C:\Windows\System32\conime.exe
    2072 C:\Users\Markus\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000011`5a4a4a00  (NTFS)

PhysicalDrive0 Model Number: ST98823AS, Rev: 7.24    

      Size  Device Name          MBR Status
  --------------------------------------------
     74 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

masi76 · 11.02.2011, 07:08

Jetzt hat alles geklappt.
Habe seit ich eben meinen laptob hochgefahren habe,
nicht mehr meine Google-Start-Standartseite sondern
dieses elendige Babylon mit all den unsinnigen icon...
Habe beim Osam-Scan auch gesehen, dass er dieses
als "gefährdend" eingestuft hat...

Gruss masi76

10.02.2011, 10:24	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Dauert sehr lange bis sich mein Internetbrowser öffnet Nimm diesen Ersatzlink für OSAM => File-Upload.net - osam.zip __________________ Logfiles bitte immer in CODE-Tags posten

10.02.2011, 20:14	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Dauert sehr lange bis sich mein Internetbrowser öffnet Ich versteh nicht, welches Problem du hast. __________________ Logfiles bitte immer in CODE-Tags posten

Dauert sehr lange bis sich mein Internetbrowser öffnet

Log-Analyse und Auswertung: Dauert sehr lange bis sich mein Internetbrowser öffnet