Google Umleitung und Windows-Defender deaktiviert

D e n n i s · 15.05.2011, 22:17

Guten Abend,

ich habe seit gestern etwas Theater mit den Browsern. Es fing mit Popups an obwohl der Browser geschlossen war, dass hat Avira und Malwarebytes aber beseitigt.

Jetzt ist es so, dass ich über Google etwas suche und einen Link anwähle werde ich auf eine andere Seite umgeleitet.

Mir ist auch aufgefallen, dass der Windows Defender deaktiviert ist, wenn ich den Dienst über die Verwaltung wieder aktiviere wird er nach zwei Sekunden wieder deaktiviert.

Ich habe daraufhin mal mit Malwarebytes Quick Scan gemacht und Avira drüber laufen lassen.
Danach nochmal mit Malwarebytes Vollständig gescannt(nichts gefunden) und zum Schluss nochmal mit OTL.

Achso: Vor einem halben Jahr hatte ich die SystemTool Geschichte gehabt, die meiner Meinung nach aber sauber gelöscht sein müsste, den alten log habe ich auch nochmal angehängt.

Wäre klasse wenn mir einer helfen könnte, die Symptome sind jetzt nicht so dramatisch, also keine Eile

cosinus · 16.05.2011, 14:12

Zitat:

SRV - (cmdagent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

Comodo bitte deinstallieren, 1. bringt das Teil nicht, ist sogar kontraproduktiv, 2. sollte man es nicht mit AntiVir betreiben.

Mach nach der Deinstallation einen neune Vollscan mit Malwarebytes, vorher MBAM aktualisieren, und Log posten.

D e n n i s · 16.05.2011, 19:18

Hallo cosinus,

hier ist der log mit aktuellem MBAM.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6589

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

16.05.2011 20:11:05
mbam-log-2011-05-16 (20-11-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 268767
Laufzeit: 41 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Wqufaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Gruß Dennis

cosinus · 16.05.2011, 20:52

Mach bitte ein neue OTL-Log:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

D e n n i s · 16.05.2011, 21:36

Hallo cosinus,

den log habe ich als Anhang hochgeladen.

Gruß Dennis

cosinus · 16.05.2011, 21:50

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1www.wieistmeineip.de,"
FF - prefs.js..network.proxy.socks: " "
O4 - HKLM..\Run: [DevconDefaultDB]  File not found
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ehSfAxdeCUNMnk.exe]  File not found
O4 - HKCU..\Run: [ISUSPM]  File not found
O4 - HKCU..\Run: [SetDefaultMIDI]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{76d788fc-0b64-11df-ba78-ffcc81895570}\Shell - "" = AutoRun
O33 - MountPoints2\{76d788fc-0b64-11df-ba78-ffcc81895570}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
[2011.05.15 11:14:07 | 000,000,000 | ---D | C] -- C:\Programme\COMODO
[2011.05.15 11:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011.05.16 20:23:45 | 000,000,020 | ---- | M] () -- C:\Windows\Ü*
[2011.05.15 21:44:21 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2011.05.15 21:34:40 | 000,007,636 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2011.05.14 18:42:21 | 000,000,000 | ---- | M] () -- C:\ProgramData\CMMs
[2011.05.14 18:16:15 | 000,143,360 | RHS- | M] () -- C:\Windows\System32\sppobjsb.dll
[2011.05.14 18:10:35 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLck.DAT
[2011.05.14 18:10:33 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Help
[2011.05.14 18:10:33 | 000,000,268 | RH-- | M] () -- C:\Users\Dennis\AppData\Roaming\Guitar
[2011.05.14 18:16:15 | 000,143,360 | RHS- | C] () -- C:\Windows\System32\sppobjsb.dll
[2011.05.14 18:16:15 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\*.job
[2011.05.16 22:16:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Zeon
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0574215C
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A8AF8B49
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

D e n n i s · 17.05.2011, 06:03

Hallo cosinus,

hier ist der log

========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1www.wieistmeineip.de," removed from network.proxy.no_proxies_on
Prefs.js: " " removed from network.proxy.socks
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DevconDefaultDB deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ehSfAxdeCUNMnk.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SetDefaultMIDI deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76d788fc-0b64-11df-ba78-ffcc81895570}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76d788fc-0b64-11df-ba78-ffcc81895570}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76d788fc-0b64-11df-ba78-ffcc81895570}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76d788fc-0b64-11df-ba78-ffcc81895570}\ not found.
File G:\AUTORUN.EXE not found.
C:\Programme\COMODO\COMODO Internet Security\translations folder moved successfully.
C:\Programme\COMODO\COMODO Internet Security folder moved successfully.
C:\Programme\COMODO folder moved successfully.
C:\ProgramData\Comodo\Installer folder moved successfully.
C:\ProgramData\Comodo\Firewall Pro folder moved successfully.
C:\ProgramData\Comodo\CisDumps folder moved successfully.
C:\ProgramData\Comodo\Cis\CMC\unreaded folder moved successfully.
C:\ProgramData\Comodo\Cis\CMC\images folder moved successfully.
C:\ProgramData\Comodo\Cis\CMC folder moved successfully.
C:\ProgramData\Comodo\Cis folder moved successfully.
C:\ProgramData\Comodo folder moved successfully.
File C:\Windows\Ü* not found.
C:\ProgramData\PKP_DLbx.DAT moved successfully.
C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg moved successfully.
C:\ProgramData\CMMs moved successfully.
C:\Windows\System32\sppobjsb.dll moved successfully.
C:\ProgramData\PKP_DLck.DAT moved successfully.
C:\ProgramData\Help moved successfully.
C:\Users\Dennis\AppData\Roaming\Guitar moved successfully.
File C:\Windows\System32\sppobjsb.dll not found.
File C:\Windows\tasks\*.job not found.
C:\Users\Dennis\AppData\Roaming\Zeon folder moved successfully.
ADS C:\ProgramData\TEMP:0574215C deleted successfully.
ADS C:\ProgramData\TEMP:A8AF8B49 deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_070030

Gruß Dennis

cosinus · 17.05.2011, 08:52

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

D e n n i s · 17.05.2011, 18:41

Hi,

hier der richtige log, der Fund wurde gelöscht.

2011/05/17 18:57:25.0632 1788 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 18:57:25.0710 1788 ================================================================================
2011/05/17 18:57:25.0710 1788 SystemInfo:
2011/05/17 18:57:25.0710 1788
2011/05/17 18:57:25.0710 1788 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/17 18:57:25.0710 1788 Product type: Workstation
2011/05/17 18:57:25.0710 1788 ComputerName: DENNIS-PC
2011/05/17 18:57:25.0710 1788 UserName: Dennis
2011/05/17 18:57:25.0710 1788 Windows directory: C:\Windows
2011/05/17 18:57:25.0710 1788 System windows directory: C:\Windows
2011/05/17 18:57:25.0710 1788 Processor architecture: Intel x86
2011/05/17 18:57:25.0710 1788 Number of processors: 2
2011/05/17 18:57:25.0710 1788 Page size: 0x1000
2011/05/17 18:57:25.0710 1788 Boot type: Normal boot
2011/05/17 18:57:25.0710 1788 ================================================================================
2011/05/17 18:57:26.0068 1788 Initialize success
2011/05/17 18:57:37.0784 1976 ================================================================================
2011/05/17 18:57:37.0784 1976 Scan started
2011/05/17 18:57:37.0784 1976 Mode: Manual;
2011/05/17 18:57:37.0784 1976 ================================================================================
2011/05/17 18:57:38.0595 1976 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/17 18:57:38.0658 1976 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/17 18:57:38.0689 1976 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/17 18:57:38.0720 1976 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/17 18:57:38.0767 1976 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/17 18:57:38.0829 1976 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/17 18:57:38.0892 1976 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/17 18:57:38.0923 1976 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/17 18:57:38.0985 1976 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/17 18:57:39.0032 1976 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/17 18:57:39.0063 1976 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/05/17 18:57:39.0094 1976 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/17 18:57:39.0141 1976 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/17 18:57:39.0172 1976 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/17 18:57:39.0235 1976 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/05/17 18:57:39.0282 1976 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/17 18:57:39.0313 1976 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/05/17 18:57:39.0391 1976 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/05/17 18:57:39.0453 1976 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/17 18:57:39.0484 1976 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/17 18:57:39.0531 1976 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/17 18:57:39.0578 1976 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/17 18:57:39.0609 1976 AtcL001 (20b956a7d7484915b647fa13569ab557) C:\Windows\system32\DRIVERS\l160x86.sys
2011/05/17 18:57:39.0672 1976 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/05/17 18:57:39.0734 1976 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/17 18:57:39.0781 1976 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/17 18:57:39.0828 1976 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/17 18:57:39.0906 1976 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/17 18:57:39.0937 1976 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/17 18:57:39.0984 1976 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/17 18:57:40.0015 1976 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/17 18:57:40.0062 1976 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/17 18:57:40.0077 1976 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/17 18:57:40.0093 1976 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/17 18:57:40.0124 1976 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/17 18:57:40.0155 1976 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/17 18:57:40.0186 1976 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/17 18:57:40.0202 1976 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/17 18:57:40.0249 1976 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/17 18:57:40.0280 1976 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/17 18:57:40.0327 1976 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/17 18:57:40.0358 1976 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/05/17 18:57:40.0389 1976 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/17 18:57:40.0436 1976 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/17 18:57:40.0467 1976 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/17 18:57:40.0498 1976 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/17 18:57:40.0530 1976 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/17 18:57:40.0608 1976 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/17 18:57:40.0623 1976 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/17 18:57:40.0654 1976 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/17 18:57:40.0670 1976 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/17 18:57:40.0717 1976 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/17 18:57:40.0795 1976 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/17 18:57:40.0842 1976 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/05/17 18:57:40.0904 1976 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\Windows\system32\drivers\CT20XUT.SYS
2011/05/17 18:57:40.0935 1976 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\Windows\System32\drivers\CT20XUT.SYS
2011/05/17 18:57:40.0966 1976 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\Windows\system32\drivers\ctac32k.sys
2011/05/17 18:57:41.0013 1976 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\Windows\system32\drivers\ctaud2k.sys
2011/05/17 18:57:41.0076 1976 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\Windows\system32\drivers\ctdvda2k.sys
2011/05/17 18:57:41.0122 1976 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/05/17 18:57:41.0200 1976 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/05/17 18:57:41.0232 1976 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/05/17 18:57:41.0247 1976 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/05/17 18:57:41.0263 1976 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\Windows\system32\drivers\ctprxy2k.sys
2011/05/17 18:57:41.0294 1976 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\Windows\system32\drivers\ctsfm2k.sys
2011/05/17 18:57:41.0341 1976 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/17 18:57:41.0372 1976 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/17 18:57:41.0419 1976 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/17 18:57:41.0481 1976 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/17 18:57:41.0528 1976 DslMNLwf (e577b5c4a6be078e5445cdcfb65be7ab) C:\Windows\system32\DRIVERS\dslmnlwf.sys
2011/05/17 18:57:41.0590 1976 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/17 18:57:41.0731 1976 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/17 18:57:41.0809 1976 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/17 18:57:41.0856 1976 emupia (04afe5c11777e33178ec11e1fac47b07) C:\Windows\system32\drivers\emupia2k.sys
2011/05/17 18:57:41.0902 1976 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
2011/05/17 18:57:41.0934 1976 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/17 18:57:41.0980 1976 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/17 18:57:42.0012 1976 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/17 18:57:42.0043 1976 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/17 18:57:42.0074 1976 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/17 18:57:42.0090 1976 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/17 18:57:42.0121 1976 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/17 18:57:42.0136 1976 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/17 18:57:42.0168 1976 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/17 18:57:42.0199 1976 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/17 18:57:42.0246 1976 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/17 18:57:42.0277 1976 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/17 18:57:42.0355 1976 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\Windows\system32\drivers\ha20x2k.sys
2011/05/17 18:57:42.0386 1976 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/17 18:57:42.0433 1976 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/05/17 18:57:42.0480 1976 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/17 18:57:42.0511 1976 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/17 18:57:42.0526 1976 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/17 18:57:42.0558 1976 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/17 18:57:42.0604 1976 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/17 18:57:42.0651 1976 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/17 18:57:42.0682 1976 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/17 18:57:42.0714 1976 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/17 18:57:42.0729 1976 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/17 18:57:42.0776 1976 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/05/17 18:57:42.0838 1976 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/17 18:57:42.0870 1976 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/17 18:57:42.0901 1976 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/17 18:57:42.0932 1976 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/17 18:57:42.0963 1976 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/17 18:57:42.0979 1976 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/17 18:57:43.0010 1976 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/17 18:57:43.0041 1976 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/17 18:57:43.0072 1976 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/17 18:57:43.0104 1976 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/17 18:57:43.0135 1976 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/17 18:57:43.0166 1976 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/17 18:57:43.0213 1976 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/17 18:57:43.0260 1976 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\Windows\system32\DRIVERS\L8042Kbd.sys
2011/05/17 18:57:43.0322 1976 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/05/17 18:57:43.0416 1976 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/05/17 18:57:43.0478 1976 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/17 18:57:43.0525 1976 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/05/17 18:57:43.0556 1976 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/17 18:57:43.0572 1976 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/17 18:57:43.0618 1976 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/17 18:57:43.0634 1976 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/17 18:57:43.0681 1976 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/17 18:57:43.0728 1976 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
2011/05/17 18:57:43.0868 1976 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/05/17 18:57:43.0930 1976 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/17 18:57:43.0962 1976 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/17 18:57:43.0993 1976 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/17 18:57:44.0040 1976 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/17 18:57:44.0071 1976 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/17 18:57:44.0086 1976 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/17 18:57:44.0118 1976 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/17 18:57:44.0133 1976 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/17 18:57:44.0164 1976 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/17 18:57:44.0196 1976 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/17 18:57:44.0242 1976 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/17 18:57:44.0274 1976 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/17 18:57:44.0305 1976 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/17 18:57:44.0352 1976 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/17 18:57:44.0383 1976 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/17 18:57:44.0430 1976 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/17 18:57:44.0445 1976 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/17 18:57:44.0476 1976 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/17 18:57:44.0508 1976 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/17 18:57:44.0539 1976 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/17 18:57:44.0554 1976 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/17 18:57:44.0586 1976 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/17 18:57:44.0617 1976 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/17 18:57:44.0632 1976 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/17 18:57:44.0695 1976 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/17 18:57:44.0726 1976 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/05/17 18:57:44.0757 1976 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/17 18:57:44.0804 1976 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/17 18:57:44.0835 1976 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/17 18:57:44.0882 1976 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/17 18:57:44.0913 1976 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/17 18:57:44.0944 1976 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/17 18:57:44.0960 1976 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/17 18:57:44.0991 1976 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/17 18:57:45.0007 1976 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/17 18:57:45.0038 1976 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/17 18:57:45.0085 1976 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/17 18:57:45.0116 1976 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/17 18:57:45.0147 1976 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/17 18:57:45.0210 1976 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/05/17 18:57:45.0241 1976 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/17 18:57:45.0522 1976 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/17 18:57:45.0880 1976 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/05/17 18:57:45.0912 1976 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/05/17 18:57:45.0958 1976 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/17 18:57:46.0005 1976 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/17 18:57:46.0083 1976 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\Windows\system32\drivers\ctoss2k.sys
2011/05/17 18:57:46.0130 1976 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/17 18:57:46.0177 1976 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/17 18:57:46.0208 1976 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/17 18:57:46.0302 1976 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/05/17 18:57:46.0348 1976 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/17 18:57:46.0380 1976 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/17 18:57:46.0426 1976 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/17 18:57:46.0473 1976 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/17 18:57:46.0504 1976 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/17 18:57:46.0582 1976 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/17 18:57:46.0614 1976 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/17 18:57:46.0645 1976 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/17 18:57:46.0707 1976 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/17 18:57:46.0738 1976 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/17 18:57:46.0770 1976 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/17 18:57:46.0785 1976 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/17 18:57:46.0832 1976 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/17 18:57:46.0848 1976 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/17 18:57:46.0879 1976 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/17 18:57:46.0910 1976 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/17 18:57:46.0941 1976 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/17 18:57:46.0972 1976 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/17 18:57:46.0988 1976 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/17 18:57:47.0019 1976 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/05/17 18:57:47.0035 1976 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/17 18:57:47.0050 1976 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/17 18:57:47.0097 1976 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/17 18:57:47.0144 1976 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/17 18:57:47.0206 1976 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/17 18:57:47.0253 1976 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/17 18:57:47.0284 1976 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/17 18:57:47.0316 1976 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/17 18:57:47.0347 1976 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/17 18:57:47.0378 1976 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/17 18:57:47.0440 1976 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/17 18:57:47.0456 1976 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/17 18:57:47.0472 1976 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/17 18:57:47.0534 1976 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/17 18:57:47.0550 1976 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/17 18:57:47.0565 1976 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/17 18:57:47.0596 1976 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/17 18:57:47.0628 1976 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/17 18:57:47.0659 1976 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/17 18:57:47.0690 1976 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/17 18:57:47.0721 1976 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/17 18:57:47.0768 1976 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/17 18:57:47.0830 1976 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/17 18:57:47.0830 1976 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/17 18:57:47.0830 1976 sptd - detected LockedFile.Multi.Generic (1)
2011/05/17 18:57:47.0893 1976 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/17 18:57:47.0908 1976 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/17 18:57:47.0940 1976 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/17 18:57:47.0971 1976 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/17 18:57:48.0033 1976 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/17 18:57:48.0064 1976 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/17 18:57:48.0096 1976 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/17 18:57:48.0111 1976 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/17 18:57:48.0174 1976 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/05/17 18:57:48.0252 1976 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/17 18:57:48.0330 1976 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/17 18:57:48.0392 1976 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/17 18:57:48.0423 1976 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/17 18:57:48.0454 1976 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/17 18:57:48.0486 1976 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/17 18:57:48.0517 1976 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/17 18:57:48.0579 1976 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/17 18:57:48.0610 1976 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/17 18:57:48.0626 1976 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/17 18:57:48.0657 1976 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/17 18:57:48.0704 1976 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/17 18:57:48.0751 1976 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/17 18:57:48.0782 1976 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/17 18:57:48.0829 1976 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/05/17 18:57:48.0860 1976 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/17 18:57:48.0876 1976 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/17 18:57:48.0907 1976 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/17 18:57:48.0938 1976 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/17 18:57:48.0954 1976 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/17 18:57:48.0985 1976 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/17 18:57:49.0016 1976 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/17 18:57:49.0047 1976 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/17 18:57:49.0094 1976 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/17 18:57:49.0156 1976 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/17 18:57:49.0188 1976 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/17 18:57:49.0203 1976 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/17 18:57:49.0234 1976 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/17 18:57:49.0281 1976 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/17 18:57:49.0297 1976 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/17 18:57:49.0312 1976 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/17 18:57:49.0344 1976 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/17 18:57:49.0375 1976 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/17 18:57:49.0390 1976 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/17 18:57:49.0422 1976 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/17 18:57:49.0437 1976 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/17 18:57:49.0468 1976 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/17 18:57:49.0500 1976 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/05/17 18:57:49.0531 1976 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/17 18:57:49.0562 1976 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/17 18:57:49.0578 1976 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/17 18:57:49.0624 1976 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/17 18:57:49.0656 1976 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/17 18:57:49.0702 1976 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/17 18:57:49.0718 1976 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/17 18:57:49.0780 1976 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/17 18:57:49.0827 1976 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/17 18:57:49.0874 1976 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/17 18:57:49.0921 1976 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/17 18:57:49.0968 1976 ================================================================================
2011/05/17 18:57:49.0968 1976 Scan finished
2011/05/17 18:57:49.0968 1976 ================================================================================
2011/05/17 18:57:49.0968 0280 Detected object count: 1
2011/05/17 18:57:59.0952 0280 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/05/17 18:57:59.0967 0280 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/05/17 18:57:59.0983 0280 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/05/17 18:57:59.0983 0280 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/05/17 18:58:08.0578 3316 Deinitialize success

cosinus · 17.05.2011, 18:45

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

D e n n i s · 17.05.2011, 19:17

Hi, Avira war jetzt nur deaktiviert, weil ich es nicht schließen konnte "Zugriff verweigert" und bei ComboFix das Kreuz oben rechts anscheinend "weiter" bedeutet

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-16.04 - Dennis 17.05.2011  20:07:02.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3327.2489 [GMT 2:00]
ausgeführt von:: c:\users\Dennis\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-17 bis 2011-05-17  ))))))))))))))))))))))))))))))
.
.
2011-05-17 18:11 . 2011-05-17 18:11	--------	d-----w-	c:\users\Dennis\AppData\Local\temp
2011-05-17 18:11 . 2011-05-17 18:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-17 05:00 . 2011-05-17 05:00	--------	d-----w-	C:\_OTL
2011-05-14 19:22 . 2011-05-14 19:22	--------	d-----w-	c:\windows\system32\wbem\en-US
2011-05-14 17:28 . 2011-05-14 17:28	--------	d-----w-	c:\programdata\Nikon
2011-05-14 16:10 . 2011-05-14 16:10	--------	d-----w-	c:\users\Dennis\AppData\Local\Nikon
2011-05-14 16:10 . 2011-05-14 16:10	--------	d-----w-	c:\programdata\Guides
2011-05-14 16:10 . 2011-05-15 19:44	--------	d-----w-	c:\programdata\Helper Scripts
2011-05-14 16:05 . 2011-05-16 18:22	--------	d-----w-	c:\program files\Common Files\Nikon
2011-05-14 16:05 . 2011-05-14 16:10	--------	d-----w-	c:\users\Dennis\AppData\Roaming\Nikon
2011-05-14 16:05 . 2011-05-16 18:22	--------	d-----w-	c:\program files\Nikon
2011-05-14 16:05 . 2011-05-14 16:10	--------	d-----w-	c:\programdata\Ultima_T15
2011-05-14 16:05 . 2011-05-14 16:10	--------	d-----w-	c:\programdata\EnterNHelp
2011-05-14 08:40 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF62C17D-9607-4F2A-8528-F5A40DC6701E}\mpengine.dll
2011-05-12 17:11 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-05-12 17:11 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-04-28 19:33 . 2011-04-28 19:33	--------	d-----w-	c:\users\Dennis\AppData\Local\CAPCOM
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 16:51 . 2011-04-16 16:51	41872	----a-w-	c:\windows\system32\xfcodec.dll
2011-04-10 20:06 . 2010-01-28 19:31	138056	----a-w-	c:\users\Dennis\AppData\Roaming\PnkBstrK.sys
2011-03-18 08:53 . 2011-03-18 08:53	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys
2011-03-18 08:53 . 2011-03-18 08:53	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2011-03-17 13:27 . 2010-01-16 15:09	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-17 12:05 . 2010-01-23 15:38	266752	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-03-17 12:04 . 2010-01-23 15:38	214864	----a-w-	c:\windows\system32\PnkBstrB.ex0
2011-03-11 05:40 . 2011-04-15 12:55	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-15 12:55	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-09 07:54 . 2010-06-24 09:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 05:38 . 2011-04-15 12:55	740864	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-15 12:56	132608	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-15 12:56	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-15 12:55	2331136	----a-w-	c:\windows\system32\win32k.sys
2011-02-24 05:32 . 2011-04-15 12:55	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-23 05:06 . 2011-04-15 12:56	311296	----a-w-	c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-15 12:56	309760	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-15 12:56	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-15 12:55	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-15 12:55	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-15 12:55	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-15 12:55	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-02-19 05:33 . 2011-03-09 10:33	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 10:33	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 10:33	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-04-15 12:56	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-02-19 03:37 . 2011-04-15 12:56	294912	----a-w-	c:\windows\system32\atmfd.dll
2010-12-13 15:25 . 2010-12-13 15:25	16896	----a-w-	c:\program files\wmdmhelper.dll
2010-12-13 15:25 . 2010-12-13 15:25	641024	----a-w-	c:\program files\rjbres.dll
2010-12-13 15:25 . 2010-12-13 15:25	45056	----a-w-	c:\program files\ierjplug.dll
2010-12-13 15:25 . 2010-12-13 15:25	360960	----a-w-	c:\program files\rjdlg.dll
2010-12-13 15:25 . 2010-12-13 15:25	34304	----a-w-	c:\program files\rjprog.dll
2010-12-13 15:25 . 2010-12-13 15:25	139264	----a-w-	c:\program files\dunzip32.dll
2010-12-13 15:25 . 2010-12-13 15:25	943344	----a-w-	c:\program files\cddblink.dll
2010-12-13 15:25 . 2010-12-13 15:25	9216	----a-w-	c:\program files\fixrjb.exe
2010-12-13 15:25 . 2010-12-13 15:25	1115376	----a-w-	c:\program files\cddbmusicid.dll
2010-12-13 15:25 . 2010-12-13 15:25	74240	----a-w-	c:\program files\tsasdk.dll
2010-12-13 15:25 . 2010-12-13 15:25	45056	----a-w-	c:\program files\mmcdda32.dll
2010-12-13 15:25 . 2010-12-13 15:25	23552	----a-w-	c:\program files\tnetdtct.dll
2010-12-13 15:25 . 2010-12-13 15:25	2041072	----a-w-	c:\program files\cddbcontrol.dll
2010-12-13 15:25 . 2010-12-13 15:25	67072	----a-w-	c:\program files\rpwa3260.dll
2010-12-13 15:25 . 2010-12-13 15:25	48128	----a-w-	c:\program files\tpasdk.dll
2010-12-13 15:25 . 2010-12-13 15:25	16296	----a-w-	c:\program files\realtfon.fon
2010-12-13 15:25 . 2010-12-13 15:25	46800	----a-w-	c:\program files\rpshellsearch.dll
2010-12-13 15:25 . 2010-12-13 15:25	369320	----a-w-	c:\program files\realconverter.exe
2010-12-13 15:25 . 2010-12-13 15:25	345768	----a-w-	c:\program files\convert.exe
2010-12-13 15:25 . 2010-12-13 15:25	390384	----a-w-	c:\program files\mc_enc_mp4v.dll
2010-12-13 15:25 . 2010-12-13 15:25	371880	----a-w-	c:\program files\realtrimmer.exe
2010-12-13 15:25 . 2010-12-13 15:25	119968	----a-w-	c:\program files\realshare.exe
2010-12-13 15:25 . 2010-12-13 15:25	719360	----a-w-	c:\program files\dbghelp.dll
2010-12-13 15:25 . 2010-12-13 15:25	72192	----a-w-	c:\program files\rjwmapln.dll
2010-12-13 15:25 . 2010-12-13 15:25	46592	----a-w-	c:\program files\rpau3260.dll
2010-12-13 15:25 . 2010-12-13 15:25	27824	----a-w-	c:\program files\rndevicedbbuilder.exe
2010-12-13 15:25 . 2010-12-13 15:25	88064	----a-w-	c:\program files\hxaudiodevicehook.dll
2010-12-13 15:25 . 2010-12-13 15:25	86528	----a-w-	c:\program files\rpplugprot.dll
2010-12-13 15:25 . 2010-12-13 15:25	63168	----a-w-	c:\program files\rpshell.dll
2010-12-13 15:25 . 2010-12-13 15:25	117448	----a-w-	c:\program files\rdsf3260.dll
2010-12-13 15:25 . 2010-12-13 15:25	9728	----a-w-	c:\program files\realjbox.exe
2010-12-13 15:25 . 2010-12-13 15:25	18120	----a-w-	c:\program files\rphelperapp.exe
2010-12-13 15:25 . 2010-12-13 15:25	491168	----a-w-	c:\program files\realplay.exe
2010-12-13 15:25 . 2010-12-13 15:25	415456	----a-w-	c:\program files\recordingmanager.exe
2011-04-30 09:52 . 2011-03-28 19:43	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"TkBellExe"="c:\program files\update\realsched.exe" [2010-12-13 274608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-17 813584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2010-1-28 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28	72208	----a-w-	c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz130;cpuz130;c:\users\Dennis\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-01-18 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 TDslMgrService;DSL-Manager;c:\program files\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\iqfpxqni.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-Nuance PDF Converter Professional 7-reminder - c:\program files\Nuance\PDF Professional 7\Ereg\Ereg.exe
MSConfigStartUp-PDF7 Registry Controller - c:\program files\Nuance\PDF Professional 7\RegistryController.exe
MSConfigStartUp-PDFHook - c:\program files\Nuance\PDF Professional 7\pdfpro7hook.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1104991897-3452205834-1985006973-1001\Software\SecuROM\License information*]
"datasecu"=hex:70,6f,99,d8,a2,e2,14,1d,e9,4f,47,61,55,0c,4a,a4,70,2e,06,3d,f0,
   e4,ba,ca,d9,fe,f8,4a,35,ea,8d,b9,0c,6f,14,b7,97,1b,ef,f2,ce,98,45,9a,74,bb,\
"rkeysecu"=hex:33,39,ad,ee,c1,35,01,4f,be,1b,fd,99,6c,b0,9a,ec
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-17  20:12:53
ComboFix-quarantined-files.txt  2011-05-17 18:12
.
Vor Suchlauf: 8 Verzeichnis(se), 146.453.774.336 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 146.467.491.840 Bytes frei
.
- - End Of File - - F4BD1FA49AE5F5C811F572782A87BFBE

--- --- ---

D e n n i s · 17.05.2011, 19:27

Hi, der Windows-Defender läuft wieder.

Dennis

cosinus · 17.05.2011, 19:44

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

D e n n i s · 17.05.2011, 20:43

Hi, die logs in der Reihenfolge gmer, osam, MBRCheck.

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-17 21:27:25
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST3250410AS rev.3.AAF
Running: 59oicdvd.exe; Driver: C:\Users\Dennis\AppData\Local\Temp\pwdirpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                  82C93569 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82CB8092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                           section is writeable [0x92B97300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                           section is writeable [0x92BDA300, 0x1BEE, 0xE8000020]
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                       Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Dennis\AppData\Local\Temp\catchme.sys                                                   Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Update\realsched.exe[2584] kernel32.dll!SetUnhandledExceptionFilter             760D3162 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000052                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167720226                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167720226@9420538ffd3f         0x07 0x48 0xB0 0x27 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167720226 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167720226@9420538ffd3f             0x07 0x48 0xB0 0x27 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:38:39 on 17.05.2011

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files\Creative\AudioCS\CTAudCS.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Dennis\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz130" (cpuz130) - ? - C:\Users\Dennis\AppData\Local\Temp\cpuz130\cpuz_x32.sys  (File not found)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6A921E8A-C58C-4941-9E71-7946D9DCE941} "CSolidworkPropertyStore Class" - ? - C:\Program Files\SolidWorks Corp\SolidWorks\sldpropertyhandler.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
{877327F4-8A93-4320-932C-338069C27BEA} "PDF Converter 7.0 Shell Extension" - ? - C:\Program Files\Nuance\PDF Professional 7\ShellExt70.dll  (File not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Sldworks Shell Extension "{3AFCEAFB-FFC5-403D-AD33-5914AB4B7ECC}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Launch LGDCore" - "Logitech Inc." - "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
"Launch LgDeviceAgent" - "Logitech Inc." - "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\update\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Office Live Meeting 2007 Document Writer Monitor" - "Microsoft Corporation." - C:\Windows\system32\lmdimon8.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
"DSL-Manager" (TDslMgrService) - "T-Systems Enterprise Services GmbH" - C:\Program Files\DSL-Manager\DslMgrSvc.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5K
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 200):
0x82C05000 \SystemRoot\system32\ntkrnlpa.exe
0x83015000 \SystemRoot\system32\halmacpi.dll
0x80BA6000 \SystemRoot\system32\kdcom.dll
0x8320B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83283000 \SystemRoot\system32\PSHED.dll
0x83294000 \SystemRoot\system32\BOOTVID.dll
0x8329C000 \SystemRoot\system32\CLFS.SYS
0x832DE000 \SystemRoot\system32\CI.dll
0x83389000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B83B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B849000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B891000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B89A000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B8A2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B8AD000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B8D7000 \SystemRoot\System32\drivers\partmgr.sys
0x8B8E8000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B8F8000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B943000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8B94A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B958000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B96E000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B977000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B99A000 \SystemRoot\system32\drivers\amdxata.sys
0x8B9A3000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B9D7000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BA22000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB51000 \SystemRoot\System32\Drivers\msrpc.sys
0x8BB7C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BB8F000 \SystemRoot\System32\Drivers\cng.sys
0x8BBEC000 \SystemRoot\System32\drivers\pcw.sys
0x8BA00000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BC36000 \SystemRoot\system32\drivers\ndis.sys
0x8BCED000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BD2B000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BE07000 \SystemRoot\System32\drivers\tcpip.sys
0x8BF50000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BF81000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8BF8A000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BFC9000 \SystemRoot\System32\Drivers\spldr.sys
0x8BFD1000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BD50000 \SystemRoot\System32\Drivers\mup.sys
0x8BD60000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BD68000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BD9A000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BDAB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BC11000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BE00000 \SystemRoot\System32\Drivers\Null.SYS
0x8BDF1000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BA09000 \SystemRoot\System32\drivers\vga.sys
0x8B800000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BA15000 \SystemRoot\System32\drivers\watchdog.sys
0x8BDF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B821000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B829000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B9E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90C32000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90C40000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90C57000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90C62000 \SystemRoot\system32\drivers\afd.sys
0x90CBC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90CEE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90CF5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90D14000 \SystemRoot\system32\DRIVERS\dslmnlwf.sys
0x90D1B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90D29000 \SystemRoot\system32\DRIVERS\serial.sys
0x90D43000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90D56000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90D66000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90D6C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90DAD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90DB7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90DC1000 \SystemRoot\System32\drivers\discache.sys
0x9082D000 \SystemRoot\system32\drivers\csc.sys
0x90891000 \SystemRoot\System32\Drivers\dfsc.sys
0x908A9000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x908B7000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x908DD000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x908DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90900000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91E1E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9289C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9289E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92955000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9298E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x92999000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x929E4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90912000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91E00000 \SystemRoot\system32\DRIVERS\l160x86.sys
0x90931000 \SystemRoot\system32\drivers\ctaud2k.sys
0x909B0000 \SystemRoot\system32\drivers\portcls.sys
0x909DF000 \SystemRoot\system32\drivers\drmk.sys
0x91802000 \SystemRoot\system32\drivers\ks.sys
0x91836000 \SystemRoot\system32\drivers\ctoss2k.sys
0x9186B000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x91873000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x9189F000 \SystemRoot\system32\DRIVERS\fdc.sys
0x918AA000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x918AC000 \SystemRoot\system32\DRIVERS\serenum.sys
0x918CE000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0x918D2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x918DF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x918EC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x918FE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91916000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91921000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91943000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9195B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91972000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91989000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x91993000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x919A0000 \SystemRoot\system32\DRIVERS\swenum.sys
0x919A2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x919B0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x97C1A000 \SystemRoot\system32\drivers\ha20x2k.sys
0x97D3D000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x97D47000 \SystemRoot\system32\drivers\emupia2k.sys
0x97D77000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97D88000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x98A1C000 \SystemRoot\system32\drivers\ctac32k.sys
0x98AB8000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x98ACD000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x81E0D000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x81F54000 \SystemRoot\system32\drivers\HdAudio.sys
0x99690000 \SystemRoot\System32\win32k.sys
0x81FA4000 \SystemRoot\System32\drivers\Dxapi.sys
0x81FAE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x81FBB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x81FC6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x81FCF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x81FE0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x81FF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x81E00000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x98AF9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x81FF9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x98B0C000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x98B14000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x98B1F000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x98B27000 \SystemRoot\system32\DRIVERS\monitor.sys
0x998F0000 \SystemRoot\System32\TSDDD.dll
0x99920000 \SystemRoot\System32\cdd.dll
0x98B32000 \SystemRoot\system32\drivers\luafv.sys
0x98B4D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x98B62000 \SystemRoot\system32\drivers\WudfPf.sys
0x98B7C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x98B8C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9CA21000 \SystemRoot\system32\drivers\HTTP.sys
0x9CAA6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9CAB2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9CACB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9CADD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9CB00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9CB3B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CB6E000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9CBB1000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA3E26000 \SystemRoot\system32\drivers\peauth.sys
0xA3EBD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3EC7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA3EE8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA3EF5000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3F44000 \SystemRoot\System32\DRIVERS\srv.sys
0x76F40000 \Windows\System32\ntdll.dll
0x47990000 \Windows\System32\smss.exe
0x77180000 \Windows\System32\apisetschema.dll
0x00910000 \Windows\System32\autochk.exe
0x77120000 \Windows\System32\gdi32.dll
0x77100000 \Windows\System32\sechost.dll
0x76E70000 \Windows\System32\user32.dll
0x770F0000 \Windows\System32\psapi.dll
0x770E0000 \Windows\System32\nsi.dll
0x76D50000 \Windows\System32\wininet.dll
0x76B90000 \Windows\System32\iertutil.dll
0x76AF0000 \Windows\System32\usp10.dll
0x770D0000 \Windows\System32\normaliz.dll
0x76A60000 \Windows\System32\clbcatq.dll
0x76A00000 \Windows\System32\difxapi.dll
0x770C0000 \Windows\System32\lpk.dll
0x77080000 \Windows\System32\ws2_32.dll
0x76970000 \Windows\System32\oleaut32.dll
0x768C0000 \Windows\System32\rpcrt4.dll
0x767B0000 \Windows\System32\urlmon.dll
0x75B60000 \Windows\System32\shell32.dll
0x75AE0000 \Windows\System32\comdlg32.dll
0x75980000 \Windows\System32\ole32.dll
0x75920000 \Windows\System32\shlwapi.dll
0x75880000 \Windows\System32\advapi32.dll
0x75850000 \Windows\System32\imagehlp.dll
0x75830000 \Windows\System32\imm32.dll
0x75690000 \Windows\System32\setupapi.dll
0x755B0000 \Windows\System32\kernel32.dll
0x75500000 \Windows\System32\msvcrt.dll
0x75430000 \Windows\System32\msctf.dll
0x753E0000 \Windows\System32\Wldap32.dll
0x753B0000 \Windows\System32\wintrust.dll
0x75380000 \Windows\System32\cfgmgr32.dll
0x75360000 \Windows\System32\devobj.dll
0x75310000 \Windows\System32\KernelBase.dll
0x75280000 \Windows\System32\comctl32.dll
0x75160000 \Windows\System32\crypt32.dll
0x75150000 \Windows\System32\msasn1.dll

Processes (total 59):
0 System Idle Process
4 System
224 C:\Windows\System32\smss.exe
312 csrss.exe
372 C:\Windows\System32\wininit.exe
380 csrss.exe
428 C:\Windows\System32\services.exe
444 C:\Windows\System32\lsass.exe
452 C:\Windows\System32\lsm.exe
552 C:\Windows\System32\svchost.exe
588 C:\Windows\System32\winlogon.exe
680 C:\Windows\System32\nvvsvc.exe
720 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\audiodg.exe
1036 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1100 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\nvvsvc.exe
1440 C:\Windows\System32\spoolsv.exe
1484 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1504 C:\Windows\System32\svchost.exe
1624 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1668 C:\Windows\System32\svchost.exe
1756 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1856 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1884 C:\Windows\System32\svchost.exe
1924 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1944 C:\Windows\System32\conhost.exe
1952 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
520 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2260 C:\Windows\System32\svchost.exe
2720 C:\Program Files\Windows Media Player\wmpnetwk.exe
2776 C:\Windows\System32\SearchIndexer.exe
3264 C:\Windows\servicing\TrustedInstaller.exe
3464 C:\Windows\System32\dwm.exe
3480 C:\Windows\explorer.exe
3632 C:\Windows\System32\taskhost.exe
3696 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3704 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
3712 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
3724 C:\Windows\System32\Ctxfihlp.exe
3740 C:\Program Files\Update\realsched.exe
3752 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3776 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3820 C:\Program Files\Windows Sidebar\sidebar.exe
716 C:\Windows\System32\CTxfispi.exe
1660 C:\Windows\System32\svchost.exe
1136 dllhost.exe
3208 C:\Windows\System32\svchost.exe
3196 C:\Windows\System32\SearchProtocolHost.exe
1696 C:\Windows\System32\SearchFilterHost.exe
3968 C:\Program Files\Mozilla Firefox\firefox.exe
3592 C:\Users\Dennis\Desktop\MBRCheck.exe
952 C:\Windows\System32\conhost.exe
3308 C:\Windows\System32\dllhost.exe
3356 MpCmdRun.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`d3cbae00 (NTFS)

PhysicalDrive0 Model Number: ST3250410AS, Rev: 3.AAF

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Gruß Dennis

cosinus · 18.05.2011, 09:31

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

18.05.2011, 09:31	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google Umleitung und Windows-Defender deaktiviert Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Google Umleitung und Windows-Defender deaktiviert

Log-Analyse und Auswertung: Google Umleitung und Windows-Defender deaktiviert