
Pests of all kinds and how to combat them: Windows Diagnostic - removed correctly?

24.03.2011, 22:02   #1
Swaggy
 



Whoa!!!
I just closed the CF log window, and suddenly there is a Flo folder under C:/Benutzer again, along with the following: Default, Öffentlich and IUSR_NMPR

My data is complete again now as well; only a small RPG map is missing, which I somehow couldn't save properly because of the trojan, but that's no big deal.

So if the trojan has now been completely and permanently deleted from the PC, all the data is back and the desktop is complete again, the matter would be settled.
The latter two are true; I'm just not quite sure yet whether the trojan is really gone.

If so, I'd already like to thank the helpers very much:

THANK YOU!!!

Regards,
Swaggy

24.03.2011, 22:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 





The 10 GB of extra space probably came from the OTL fix. I actually always have the temp files deleted along with it.

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

24.03.2011, 23:18   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



That's OK so far. I need the log from TDSS-Killer as additional confirmation.
OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't work the 2nd time either, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

25.03.2011, 11:57   #4
Swaggy
 



So GMER somehow didn't work, but OSAM did. Here is the log:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:52:43 on 25.03.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"awlyypog" (awlyypog) - ? - C:\Users\Flo\AppData\Local\Temp\awlyypog.sys  (Hidden registry entry, rootkit activity | File not found)
"bcmpikdd" (bcmpikdd) - ? - C:\Windows\system32\drivers\bcmpikdd.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\Flo\AppData\Local\Temp\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MpKsl5e4cf9fe" (MpKsl5e4cf9fe) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A4DF34E-9734-4696-A376-1690778AAFAE}\MpKsl5e4cf9fe.sys
"MpKsl6b61d8cb" (MpKsl6b61d8cb) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6E8D2A4-27EC-4E42-91C6-29754EF1F460}\MpKsl6b61d8cb.sys  (File not found)
"MpKsl8c3a74af" (MpKsl8c3a74af) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA119E0A-D5F0-4243-BA02-F582C844AB7E}\MpKsl8c3a74af.sys  (File not found)
"TSHWMDTCP" (TSHWMDTCP) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PlayMovie\000.fcl
"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PowerDVD\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CCUTRAYICON" - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NMSSupport" - "Intel Corporation" - "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
"Philips Device Listener" - ? - "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DQLWinService" (DQLWinService) - ? - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Update Service (gupdate1cae702751500b0)" (gupdate1cae702751500b0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Alert Service" (AlertService) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
"Intel(R) Application Tracker" (MCLServiceATL) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
"Intel(R) DHTrace Controller" (DHTRACE) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Intel(R) NMSCore" (NMSCore) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
"Intel(R) Quality Manager" (QualityManager) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
"Intel(R) Remoting Service" (Remote UI Service) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
"Intel(R) Software Services Manager" (ISSM) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
"Intel(R) Viiv(TM) Media Server" (M1 Server) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

===[ Logfile end ]=========================================[ Logfile end ]===

The last one you mentioned somehow didn't produce a log, but I also couldn't save it to the desktop and instead started it from the download window (hope that wasn't wrong).

Regards,
Swaggy

25.03.2011, 11:58   #5
Swaggy
 



OK, I found the log after all:

Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7502
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 149):
Regards,

Swaggy


25.03.2011, 14:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



The mbrcheck log is incomplete. Let the tool run a bit longer if necessary!

Quote:
"bcmpikdd" (bcmpikdd) - ? - C:\Windows\system32\drivers\bcmpikdd.sys (File not found)
Please disable and delete it with OSAM (delete from storage)

05.04.2011, 12:52   #7
Swaggy
 



Here is a current MbrCheck log, but I didn't find that line in OSAM.
I'll just try again.

Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7502
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 149):
0x8CF32000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8CF3B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87F08000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8CF48000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x8CFD8000 \SystemRoot\System32\Drivers\x10ufx2.sys
0x8CFE2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92670000 \SystemRoot\System32\win32k.sys
0x8CFEA000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CB1C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x92890000 \SystemRoot\System32\TSDDD.dll
0x928B0000 \SystemRoot\System32\cdd.dll
0x9A00F000 \SystemRoot\system32\drivers\luafv.sys
0x9A032000 \SystemRoot\system32\drivers\spsys.sys
0x9A0E2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A0F2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A11C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A126000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A139000 \SystemRoot\system32\drivers\HTTP.sys
0x9A1A6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A1C3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A1DC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C802000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C823000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C842000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C87B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C893000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C8BB000 \SystemRoot\System32\DRIVERS\srv.sys
0x9C909000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9C94C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9C956000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9C95B000 \SystemRoot\system32\DRIVERS\nmsunidr.sys
0xA5602000 \SystemRoot\system32\drivers\peauth.sys
0xA56E0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA56EA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA56F6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA570B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA571D000 \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
0xA573A000 \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl
0xA5765000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA5770000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89620448-425E-422E-A1A3-51F8D978B37B}\MpKsldff02d3e.sys
0x77300000 \Windows\System32\ntdll.dll

Processes (total 77):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
568 csrss.exe
620 C:\Windows\System32\wininit.exe
632 csrss.exe
664 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
820 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\winlogon.exe
924 C:\Windows\System32\svchost.exe
968 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1060 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\audiodg.exe
1208 C:\Windows\System32\SLsvc.exe
1248 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\spoolsv.exe
1776 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\dwm.exe
832 C:\Windows\explorer.exe
1284 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1240 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
1496 C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
1528 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
1552 C:\Windows\RtHDVCpl.exe
2040 C:\Windows\System32\rundll32.exe
2020 C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
288 C:\Program Files\Common Files\Java\Java Update\jusched.exe
304 C:\Program Files\Microsoft Security Client\msseces.exe
328 C:\Program Files\Iminent\IMBooster\IMBooster.exe
612 C:\Program Files\Windows Sidebar\sidebar.exe
1620 C:\Windows\System32\rundll32.exe
2064 C:\Program Files\Logitech\Logitech Vid\Vid.exe
2076 C:\Program Files\Windows Media Player\wmpnscfg.exe
2164 C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
2284 C:\Windows\System32\taskeng.exe
2560 C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
2596 C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
2644 C:\Program Files\Common Files\Gnab\Service\ServiceController.exe
2760 C:\Windows\System32\taskeng.exe
2808 C:\Windows\System32\taskeng.exe
2824 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
3188 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
3452 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3492 C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
3500 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
3516 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
3668 C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
3712 C:\Windows\System32\PnkBstrA.exe
3724 C:\Windows\System32\svchost.exe
3744 C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
3764 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3812 C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
3848 C:\Windows\System32\svchost.exe
4084 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
2176 C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
1396 C:\Windows\System32\svchost.exe
236 C:\Windows\System32\SearchIndexer.exe
2364 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
2404 WUDFHost.exe
724 C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
2032 C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
3060 C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
3252 C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
4064 C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
5344 C:\Windows\System32\mobsync.exe
5416 C:\Program Files\Windows Media Player\wmpnetwk.exe
2324 C:\Windows\System32\svchost.exe
4844 C:\Windows\System32\SearchProtocolHost.exe
2376 C:\Windows\System32\SearchFilterHost.exe
2424 <unknown>
2456 <unknown>
5328 C:\Users\Flo\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006f`70841a00 (FAT32)

PhysicalDrive0 Model Number: ST3500320NS, Rev: SN04

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!

05.04.2011, 13:05   #8
Swaggy

OK, I have now (hopefully) deleted the OSAM line as well.
Here is a current log:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:03:05 on 05.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\Flo\AppData\Local\Temp\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MpKsl6b61d8cb" (MpKsl6b61d8cb) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6E8D2A4-27EC-4E42-91C6-29754EF1F460}\MpKsl6b61d8cb.sys  (File not found)
"MpKsl8c3a74af" (MpKsl8c3a74af) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA119E0A-D5F0-4243-BA02-F582C844AB7E}\MpKsl8c3a74af.sys  (File not found)
"MpKsldff02d3e" (MpKsldff02d3e) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89620448-425E-422E-A1A3-51F8D978B37B}\MpKsldff02d3e.sys
"TSHWMDTCP" (TSHWMDTCP) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PlayMovie\000.fcl
"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PowerDVD\000.fcl
(Disabled) "bcmpikdd" (bcmpikdd) - ? - C:\Windows\system32\drivers\bcmpikdd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "IMinent Toolbar" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
<binary data> "IMinent Toolbar" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} "IMinent WebBooster (BHO)" - "Iminent" - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
{58124A0B-DC32-4180-9BFF-E0E21AE34026} "TBSB01620 Class" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CCUTRAYICON" - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"IMBooster" - "Iminent" - C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NMSSupport" - "Intel Corporation" - "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
"Philips Device Listener" - ? - "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DQLWinService" (DQLWinService) - ? - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Update Service (gupdate1cae702751500b0)" (gupdate1cae702751500b0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Alert Service" (AlertService) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
"Intel(R) Application Tracker" (MCLServiceATL) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
"Intel(R) DHTrace Controller" (DHTRACE) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Intel(R) NMSCore" (NMSCore) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
"Intel(R) Quality Manager" (QualityManager) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
"Intel(R) Remoting Service" (Remote UI Service) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
"Intel(R) Software Services Manager" (ISSM) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
"Intel(R) Viiv(TM) Media Server" (M1 Server) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

05.04.2011, 14:32   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags
