Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Vista Home Security 2012 scareware completely removed? (https://www.trojaner-board.de/100422-vista-home-security-2012-scareware-restlos-entfernt.html)

Enpece 17.06.2011 12:56

Vista Home Security 2012 scareware completely removed?
 
Hello, I had the Vista Home Security 2012 scareware on my PC.
With the help of "Malwarebytes Anti-Malware" and "Spybot - Search & Destroy" I was able to remove the scareware, so that no more popups appear claiming that my PC is supposedly infected with viruses and that I should buy the software.

However, I am not sure whether everything has really been removed completely and the PC is secure again. So here is my logfile.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:45 on 17/06/2011 (Benjamin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

cosinus 17.06.2011 13:02

Custom scan with OTL

If you don't have it yet, please download OTL from OldTimer and save it on your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Enpece 17.06.2011 15:09

Here is the result from OTL
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 17.06.2011 15:17:54 - Run 1
OTL by OldTimer - Version 3.2.24.0    Folder = C:\Users\Benjamin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 63,11% Memory free
7,64 Gb Paging File | 6,92 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4000 4095 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 37,28 Gb Free Space | 53,99% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 58,10 Gb Free Space | 83,00% Space Free | Partition Type: NTFS
 
Computer Name: BENJAMIN-PC | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39306899-28CE-44B0-89AE-2B83CB3B0E33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7BFE9264-103A-4BD4-82B8-95AFFB4A798E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A8AE81E9-3052-4996-9CA1-8A320C1F5A8F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{EDCAFB87-FCA0-47CE-80DA-AFF713857874}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D5DC8F-753A-4B94-9046-76CD48A5F9AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1687C288-1D47-4CBB-AF5F-1BAB05F62C77}" = protocol=6 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\updateagent.exe |
"{19678497-61A3-4031-9453-DB5CB65D8198}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{23661545-2F58-462B-A55E-E9938A226428}" = protocol=17 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\servicesoptimizer.exe |
"{259480CC-F410-46B3-AB58-637F4F6E4477}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{2669ECBF-F671-47D6-9246-98D8BBB179C1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{376E55B8-457A-43CB-9119-FCBE369BB192}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{383F6896-5EFE-464B-A7FF-4BD991C92C18}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{40146A54-94A8-4C76-8D61-7933585B1D8E}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5CF85196-860F-444F-8024-0F14A7455314}" = protocol=6 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\servicesoptimizer.exe |
"{63820155-5768-42DE-8BEE-381C4B08DE29}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{6CE52238-1606-4694-8FA3-2CBB5DB61C7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{94866FA3-1B1A-407B-A894-E2823433B5A4}" = protocol=17 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\webupdate.exe |
"{98FEAB15-C6FB-4792-8CE6-0CDD2BDD15C6}" = protocol=6 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\webupdate.exe |
"{9BB153FA-B5AD-479D-8A93-A6E36664DCA8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AD62C039-5F5E-427A-8FCD-F8D695936A5E}" = protocol=17 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\updateagent.exe |
"{CB907DE1-1DC6-48E5-9D98-7781F5F3E93D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe |
"{DE79AAEF-AAC8-445F-8A52-66702EC95333}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EDCCC6EA-BE69-40D1-8286-8C3D0EFCD490}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F03E235D-3AD9-4C17-B800-B1A8CE2D455A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe |
"TCP Query User{01D59E42-C117-480D-8996-0007E871470B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CED539B2-4B68-484F-8B20-CE47EFDEA9E2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{36D10377-4713-4F30-82D9-428478E5E6B4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D7F4BF1F-F036-4792-9782-A41DA5D32C5E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A419C1-0509-4967-87F9-8761D8D6765D}" = ccc-core-static
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1EBE1FE9-A341-3E9B-84C2-ABBB25F313E7}" = Catalyst Control Center Graphics Full New
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61EE011A-A8D9-C1BD-962D-6342A371B1DB}" = ccc-utility
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6A179A95-BA3E-8E61-D15F-A1DCC6ADBFD9}" = Catalyst Control Center Graphics Previews Vista
"{6F481C0F-B941-5E3F-CABD-0F23E718DF2C}" = Catalyst Control Center Core Implementation
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9C4474-74D6-42F4-A6D3-C9BD5C8871D3}" = Anno 1404
"{80B55F0E-5933-B1E8-4F05-4C386A2E61BD}" = Catalyst Control Center InstallProxy
"{82C0D164-1456-0361-4F39-58435427AFCB}" = Catalyst Control Center Graphics Full Existing
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BCD9811-1084-4941-0222-F993DB70F182}" = ATI Catalyst Install Manager
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A72E0107-CFC5-16FB-BEA6-A74B94425ADD}" = CCC Help English
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF313243-28F5-2434-0B5B-FAA0B8B30B1C}" = Catalyst Control Center Graphics Light
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D6F8B656-4127-D525-8893-8653D72DD136}" = Catalyst Control Center Graphics Previews Common
"{DB4DF8B5-E448-45E5-1C6C-0C276F828E10}" = Skins
"{DE6A3D43-B716-9973-9E2E-4620237464C4}" = Catalyst Control Center HydraVision Full
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAFC9FF9-56BE-414D-B637-537E7D06E7B9}" = Serif PhotoPlus 11
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"7-Zip" = 7-Zip 9.21beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Picasa 3" = Picasa 3
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.01
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"UseNeXT_is1" = UseNeXT
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp (remove only)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2011 08:32:41 | Computer Name = Benjamin-PC | Source = RasClient | ID = 20227
Description =
 
Error - 14.06.2011 08:40:22 | Computer Name = Benjamin-PC | Source = RasClient | ID = 20227
Description =
 
Error - 14.06.2011 20:03:49 | Computer Name = Benjamin-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 16.06.2011 12:21:41 | Computer Name = Benjamin-PC | Source = McLogEvent | ID = 5004
Description =
 
Error - 16.06.2011 12:21:41 | Computer Name = Benjamin-PC | Source = McLogEvent | ID = 5022
Description =
 
Error - 16.06.2011 12:21:41 | Computer Name = Benjamin-PC | Source = McLogEvent | ID = 5004
Description =
 
Error - 16.06.2011 12:21:41 | Computer Name = Benjamin-PC | Source = McLogEvent | ID = 5022
Description =
 
Error - 16.06.2011 19:28:42 | Computer Name = Benjamin-PC | Source = VSS | ID = 8194
Description =
 
Error - 17.06.2011 05:45:17 | Computer Name = Benjamin-PC | Source = VSS | ID = 8194
Description =
 
Error - 17.06.2011 05:56:56 | Computer Name = Benjamin-PC | Source = System Restore | ID = 8193
Description =
 
[ System Events ]
Error - 16.06.2011 14:47:16 | Computer Name = Benjamin-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 16.06.2011 14:47:24 | Computer Name = Benjamin-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 16.06.2011 15:58:05 | Computer Name = Benjamin-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 16.06.2011 15:58:49 | Computer Name = Benjamin-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 16.06.2011 17:57:10 | Computer Name = Benjamin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:55:41 on 16.06.2011 was unexpected.
 
Error - 16.06.2011 18:06:01 | Computer Name = Benjamin-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 16.06.2011 18:08:25 | Computer Name = Benjamin-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 16.06.2011 18:41:48 | Computer Name = Benjamin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:39:48 on 17.06.2011 was unexpected.
 
Error - 17.06.2011 04:24:18 | Computer Name = Benjamin-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume "C:" were aborted because the shadow copy storage
 could not grow due to a user imposed limit.
 
Error - 17.06.2011 05:29:40 | Computer Name = Benjamin-PC | Source = DCOM | ID = 10010
Description =
 
[ TuneUp Events ]
Error - 28.02.2009 06:24:27 | Computer Name = Benjamin-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 28.02.2009 06:24:32 | Computer Name = Benjamin-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 28.02.2009 17:35:33 | Computer Name = Benjamin-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
 
< End of report >

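An added example, not part of this thread and not code from OTL: a small Python reader for the Firewall Settings and FirewallRules sections of an OTL Extras log like the one posted above. It reports a profile whose "EnableFirewall" is 0 (the PublicProfile in this log) and any inbound rule whose application sits in a user-writable location (here the WoW update downloader under c:\users\public\documents), the same kind of place a dropped executable would register itself from. The sample text is copied from the log above; the list of user-writable prefixes and the assumption that OTL prints rule paths in lower case, as it does above, are mine.

```python
import re

# Constructed sample: the firewall profile keys and a few FirewallRules
# entries copied from the OTL Extras log in this thread.
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39306899-28CE-44B0-89AE-2B83CB3B0E33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{03D5DC8F-753A-4B94-9046-76CD48A5F9AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CB907DE1-1DC6-48E5-9D98-7781F5F3E93D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe |
"TCP Query User{01D59E42-C117-480D-8996-0007E871470B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"""

# Section header of a firewall profile key, e.g. ...\FirewallPolicy\PublicProfile]
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+Profile)\]$")
ENABLE_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d)')
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Locations a standard user can write to (assumption: OTL prints rule paths
# in lower case, as in the log above, so the prefixes are lower case too).
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\documents and settings\\",
    "%appdata%",
    "%temp%",
    "%userprofile%",
)


def parse_extras(text):
    """Return ({profile: EnableFirewall value}, [rule dicts]) from OTL Extras text."""
    profiles, rules, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            m = PROFILE_RE.search(line)
            if m:
                section = m.group(1)
            elif line.endswith("FirewallRules]"):
                section = "rules"
            else:
                section = None
            continue
        if section and section.endswith("Profile"):
            m = ENABLE_RE.match(line)
            if m:
                profiles[section] = int(m.group(1))
        elif section == "rules":
            m = RULE_RE.match(line)
            if not m:
                continue
            fields = {"name": m.group("name")}
            # Rule body is "key=value | key=value | ..."; keep the key/value pairs.
            for part in m.group("body").split("|"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    fields[key.strip()] = value.strip()
            rules.append(fields)
    return profiles, rules


def review_firewall(text):
    """Findings worth a second look: disabled profiles and inbound allow rules
    for executables that live in user-writable directories."""
    profiles, rules = parse_extras(text)
    findings = [("profile-disabled", name) for name, on in profiles.items() if on == 0]
    for rule in rules:
        app = rule.get("app", "").lower()
        if rule.get("dir") == "in" and app.startswith(USER_WRITABLE_PREFIXES):
            findings.append(("inbound-rule-user-writable", app))
    return findings


if __name__ == "__main__":
    for kind, detail in review_firewall(SAMPLE_EXTRAS):
        print(f"{kind}: {detail}")
```

A finding here only says "look at this": a game updater in Public Documents is expected on this machine, whereas the same inbound rule for a random-named file under AppData would not be.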

cosinus 19.06.2011 20:58

Those are "only" the Extras, I also need the OTL.txt

Enpece 21.06.2011 10:31

Contents of OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 21.06.2011 10:57:33 - Run 2
OTL by OldTimer - Version 3.2.24.0    Folder = C:\Users\x\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 51,43% Memory free
7,64 Gb Paging File | 6,75 Gb Available in Paging File | 88,37% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4000 4095 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 23,15 Gb Free Space | 33,52% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 53,39 Gb Free Space | 76,27% Space Free | Partition Type: NTFS
 
Computer Name: x-PC | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.17 15:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
PRC - [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.28 18:54:42 | 000,073,728 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
PRC - [2007.01.30 10:41:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2007.01.24 12:05:20 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.01.05 11:31:20 | 000,049,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2006.11.09 03:57:00 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.10.05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.17 15:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.06.17 22:27:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2007.06.28 18:54:42 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006.10.05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.17 11:57:03 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.06.17 11:57:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.06.16 23:46:29 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.08.28 16:27:55 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.06.07 17:25:07 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2007.05.06 10:07:05 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007.02.08 00:22:28 | 002,315,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.02.08 00:22:28 | 002,315,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.01.05 01:14:58 | 000,153,984 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2006.12.21 18:53:08 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2006.12.19 10:01:00 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.15 10:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.15 05:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2005.07.07 16:26:04 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005.07.07 16:26:00 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.07.07 16:25:58 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.06.17 00:21:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.06.17 00:21:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.06.17 00:21:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.17 11:05:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.17 11:02:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.06.17 11:09:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.06.17 11:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions
[2011.06.17 11:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.01.07 01:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2009.01.07 01:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.06.17 23:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.17 23:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.16 23:49:13 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.06.16 23:49:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
File not found (No name found) --
[2011.06.17 00:21:43 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\KAVANTIBANNER@KASPERSKY.RU
[2011.06.17 00:21:43 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\LINKFILTER@KASPERSKY.RU
[2011.06.17 00:21:44 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2008.07.30 12:32:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.03.01 19:49:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2011.06.17 23:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.06.27 21:16:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.06.17 22:59:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.03.29 00:00:11 | 000,303,871 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 10469 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -  File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\kloehk.dll) - C:\ProgramData\AVP11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\x\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\x\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: HSLAB Logger - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HSLAB Logger Lite - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.18 01:14:18 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\runic games
[2011.06.17 23:13:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011.06.17 23:09:38 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2011.06.17 22:24:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2011.06.17 22:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.06.17 22:24:10 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2011.06.17 20:15:37 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe
[2011.06.17 20:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2011.06.17 20:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Happyneuron
[2011.06.17 19:32:41 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\SKIDROW
[2011.06.17 18:16:04 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.17 18:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.17 18:15:56 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.17 18:15:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.17 16:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.06.17 16:23:56 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2011.06.17 16:23:43 | 000,000,000 | ---D | C] -- C:\Users\x\SystemRequirementsLab
[2011.06.17 15:16:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
[2011.06.17 13:43:37 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.06.17 13:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2011.06.17 11:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.06.17 11:35:26 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.06.17 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Thunderbird
[2011.06.17 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\Thunderbird
[2011.06.17 11:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011.06.17 11:08:55 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2011.06.17 00:54:34 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.06.17 00:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.06.17 00:09:05 | 000,000,000 | ---D | C] -- C:\Users\x\Downloads\Documents\ForceField Shared Files
[2011.06.17 00:08:45 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\CheckPoint
[2011.06.17 00:07:26 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2011.06.17 00:07:01 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll
[2011.06.16 23:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011.06.16 23:49:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVP11
[2011.06.16 23:47:20 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2011.06.16 23:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.06.16 23:46:29 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.06.16 23:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.06.16 21:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.06.16 21:44:32 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.06.16 20:32:38 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
[2011.06.16 17:38:06 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\dvdcss
[1 C:\Users\x\AppData\Local\*.tmp files -> C:\Users\x\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.21 10:52:53 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.21 10:52:53 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.21 10:52:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.18 15:06:04 | 000,010,278 | ---- | M] () -- C:\Users\x\Downloads\Documents\cc_20110618_150601.reg
[2011.06.18 08:34:12 | 000,485,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.17 23:14:02 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.06.17 22:24:26 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.06.17 20:23:53 | 000,386,742 | ---- | M] () -- C:\Users\x\Downloads\Documents\cc_20110617_202345.reg
[2011.06.17 18:16:05 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.17 15:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
[2011.06.17 13:45:57 | 000,000,020 | ---- | M] () -- C:\Users\x\defogger_reenable
[2011.06.17 13:44:15 | 000,050,477 | ---- | M] () -- C:\Users\x\Desktop\Defogger.exe
[2011.06.17 11:57:03 | 000,281,760 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.17 11:57:01 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.17 11:35:27 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.17 11:19:17 | 000,219,584 | ---- | M] () -- C:\Users\x\Downloads\Documents\cc_20110617_111911.reg
[2011.06.17 11:09:02 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.06.17 11:05:45 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.17 10:29:26 | 000,001,642 | ---- | M] () -- C:\Users\x\Desktop\UseNeXT.lnk
[2011.06.17 01:39:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.06.17 01:39:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.06.17 01:39:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.06.17 00:42:35 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.06.17 00:42:34 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.06.16 23:46:29 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.06.16 22:48:07 | 000,012,146 | -HS- | M] () -- C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 22:23:00 | 000,012,134 | -HS- | M] () -- C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 21:44:37 | 000,001,071 | ---- | M] () -- C:\Users\x\Desktop\Spybot - Search & Destroy.lnk
[2011.06.16 20:48:15 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.06.16 20:48:15 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.06.16 18:38:33 | 000,637,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.16 18:38:32 | 000,678,092 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.16 18:38:32 | 000,147,050 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.16 18:38:32 | 000,120,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Users\x\AppData\Local\*.tmp files -> C:\Users\x\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.18 15:06:03 | 000,010,278 | ---- | C] () -- C:\Users\x\Downloads\Documents\cc_20110618_150601.reg
[2011.06.18 12:30:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.17 23:14:02 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.06.17 22:24:26 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.06.17 20:23:47 | 000,386,742 | ---- | C] () -- C:\Users\x\Downloads\Documents\cc_20110617_202345.reg
[2011.06.17 18:16:05 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.17 13:45:22 | 000,000,020 | ---- | C] () -- C:\Users\x\defogger_reenable
[2011.06.17 13:44:10 | 000,050,477 | ---- | C] () -- C:\Users\x\Desktop\Defogger.exe
[2011.06.17 11:57:03 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.17 11:57:01 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.17 11:35:27 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.17 11:19:13 | 000,219,584 | ---- | C] () -- C:\Users\x\Downloads\Documents\cc_20110617_111911.reg
[2011.06.17 11:09:02 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.06.17 11:05:45 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.06.17 11:05:45 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.17 01:39:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.06.16 23:49:01 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.06.16 23:49:00 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.06.16 21:44:37 | 000,001,071 | ---- | C] () -- C:\Users\x\Desktop\Spybot - Search & Destroy.lnk
[2011.06.16 21:13:55 | 000,012,146 | -HS- | C] () -- C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 21:13:55 | 000,012,134 | -HS- | C] () -- C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 20:12:13 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.06.16 20:12:13 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.05.29 10:07:30 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2011.05.29 10:07:29 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.06.05 01:31:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.05 01:31:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.03.29 01:06:40 | 000,000,096 | ---- | C] () -- C:\Users\x\AppData\Local\fusioncache.dat
[2008.11.14 16:46:53 | 000,001,356 | ---- | C] () -- C:\Users\x\AppData\Local\d3d9caps.dat
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.14 19:42:21 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.14 11:17:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.26 23:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.04.06 09:47:36 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.04.06 09:46:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.04.06 09:46:13 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.01.15 14:44:18 | 000,000,051 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2007.08.21 21:13:18 | 000,000,094 | ---- | C] () -- C:\Users\x\AppData\Roaming\AVSDVDPlayer.m3u
[2007.06.24 15:42:16 | 000,000,066 | ---- | C] () -- C:\Windows\wininit.ini
[2007.06.14 20:12:08 | 000,000,341 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007.06.07 17:25:07 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2007.05.21 18:48:35 | 000,117,284 | ---- | C] () -- C:\ProgramData\firstlsp.reg.dat
[2007.05.11 15:29:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.05.06 11:03:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.05.06 10:27:10 | 000,000,000 | ---- | C] () -- C:\Windows\sys_mon.dat
[2007.05.06 10:26:51 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.05.06 10:26:51 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.05.06 09:48:26 | 000,002,744 | R--- | C] () -- C:\Windows\System32\drivers\HDACfg.dat
[2007.05.06 09:48:25 | 000,049,152 | R--- | C] () -- C:\Windows\System32\ChCfg.exe
[2007.05.06 09:39:16 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.05.05 23:57:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.05.05 22:51:45 | 000,045,568 | ---- | C] () -- C:\Users\x\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.02 17:33:31 | 000,678,092 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,147,050 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,485,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,637,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,120,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2008.12.09 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ASCOMP Software
[2007.05.07 15:42:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CH-Soft
[2011.06.17 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CheckPoint
[2009.03.02 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Cimaware
[2008.04.06 09:55:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DualCoreTuner
[2007.06.28 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HSLAB
[2008.04.06 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MAGIX
[2011.06.18 01:14:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\runic games
[2009.11.19 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Serif
[2011.06.17 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Thunderbird
[2011.06.18 15:22:41 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\UseNeXT
[2011.06.18 18:09:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.06.26 17:10:27 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Adobe
[2007.05.09 21:08:11 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\AdobeUM
[2009.06.12 21:02:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Ahead
[2008.12.09 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ASCOMP Software
[2007.05.06 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ATI
[2007.05.07 15:42:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CH-Soft
[2011.06.17 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CheckPoint
[2009.03.02 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Cimaware
[2007.06.10 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CyberLink
[2007.05.10 10:08:19 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DivX
[2008.04.06 09:55:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DualCoreTuner
[2011.06.16 17:38:06 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\dvdcss
[2007.06.28 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HSLAB
[2007.05.05 20:52:17 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Identities
[2007.05.06 09:49:40 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\InstallShield
[2007.05.06 10:55:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Macromedia
[2008.04.06 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MAGIX
[2009.02.28 12:24:15 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Media Center Programs
[2011.06.17 22:37:53 | 000,000,000 | --SD | M] -- C:\Users\x\AppData\Roaming\Microsoft
[2011.06.17 11:06:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Mozilla
[2009.06.12 21:02:05 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Nero
[2011.06.18 01:14:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\runic games
[2009.11.19 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Serif
[2007.05.11 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Talkback
[2009.06.27 23:56:33 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\teamspeak2
[2011.06.17 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Thunderbird
[2009.03.27 23:54:39 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\tor
[2011.06.18 15:22:41 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\UseNeXT
[2009.03.27 23:55:03 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Vidalia
[2007.08.18 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\vlc
[2011.06.17 23:42:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2007.05.09 21:22:09 | 001,696,768 | ---- | M] (                            ) -- C:\Users\x\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2011.06.18 09:02:23 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\x\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2008.12.10 14:25:31 | 000,010,134 | R--- | M] () -- C:\Users\x\AppData\Roaming\Microsoft\Installer\{80B55F0E-5933-B1E8-4F05-4C386A2E61BD}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.05.06 10:31:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.05.06 10:31:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.05.06 10:31:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008.03.16 20:58:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.03.16 20:58:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.03.16 20:58:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.05.05 22:53:54 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.05.05 22:53:54 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\adp94xx.sys
[2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\adpahci.sys
[2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\adpu160m.sys
[2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\adpu320.sys
[2006.11.28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) Unable to obtain MD5 -- C:\Windows\System32\drivers\AGRSM.sys
[2007.01.03 13:26:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\aliide.sys
[2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\arc.sys
[2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\arcsas.sys
[2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\athr.sys
[2007.02.08 00:22:28 | 002,315,776 | ---- | M] (ATI Technologies Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\atikmdag.sys
[2011.06.17 11:57:03 | 000,281,760 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atksgt.sys
[2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrFiltLo.sys
[2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrFiltUp.sys
[2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrSerId.sys
[2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrSerWdm.sys
[2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrUsbSer.sys
[2006.12.21 18:53:08 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\CLBStor.sys
[2007.01.05 01:14:58 | 000,153,984 | ---- | M] (CyberLink Corporation.) Unable to obtain MD5 -- C:\Windows\System32\drivers\CLBUDF.sys
[2007.01.03 13:26:20 | 000,016,488 | ---- | M] (CMD Technology, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\cmdide.sys
[2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\djsvs.sys
[2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\E1G60I32.sys
[2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) Unable to obtain MD5 -- C:\Windows\System32\drivers\elxstor.sys
[2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) Unable to obtain MD5 -- C:\Windows\System32\drivers\HpCISSs.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) Unable to obtain MD5 -- C:\Windows\System32\drivers\iirsp.sys
[2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\iteatapi.sys
[2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\iteraid.sys
[2005.07.07 16:26:04 | 000,055,216 | ---- | M] (MCCI) Unable to obtain MD5 -- C:\Windows\System32\drivers\k750bus.sys
[2005.07.07 16:26:00 | 000,006,576 | ---- | M] (MCCI) Unable to obtain MD5 -- C:\Windows\System32\drivers\k750mdfl.sys
[2005.07.07 16:25:58 | 000,089,872 | ---- | M] (MCCI) Unable to obtain MD5 -- C:\Windows\System32\drivers\k750mdm.sys
[2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys
[2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys
[2011.06.16 23:46:29 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys
[2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys
[2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys
[2007.05.06 10:07:05 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) Unable to obtain MD5 -- C:\Windows\System32\drivers\KMDFMEMIO.sys
[2011.06.17 11:57:01 | 000,025,888 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\lirsgt.sys
[2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\lsi_fc.sys
[2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\lsi_sas.sys
[2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\lsi_scsi.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\mbam.sys
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\megasas.sys
[2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\Mraid35x.sys
[2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\nfrd960.sys
[2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) Unable to obtain MD5 -- C:\Windows\System32\drivers\ntrigdigi.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\ql2300.sys
[2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\ql40xx.sys
[2006.11.15 10:16:24 | 000,032,256 | ---- | M] (REDC) Unable to obtain MD5 -- C:\Windows\System32\drivers\rimmptsk.sys
[2006.11.15 05:42:46 | 000,043,520 | ---- | M] (REDC) Unable to obtain MD5 -- C:\Windows\System32\drivers\rimsptsk.sys
[2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) Unable to obtain MD5 -- C:\Windows\System32\drivers\rixdptsk.sys
[2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\rmcast.sys
[2006.11.08 12:09:00 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) Unable to obtain MD5 -- C:\Windows\System32\drivers\RTKVHDA.sys
[2006.12.19 10:01:00 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                          ) Unable to obtain MD5 -- C:\Windows\System32\drivers\Rtnicxp.sys
[2006.11.02 08:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) Unable to obtain MD5 -- C:\Windows\System32\drivers\secdrv.sys
[2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) Unable to obtain MD5 -- C:\Windows\System32\drivers\sisraid2.sys
[2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) Unable to obtain MD5 -- C:\Windows\System32\drivers\sisraid4.sys
[2009.08.28 16:27:55 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
[2007.06.07 17:25:07 | 000,081,408 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\SSHDRV86.sys
[2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) Unable to obtain MD5 -- C:\Windows\System32\drivers\ssmdrv.sys
[2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\symc8xx.sys
[2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\sym_hi.sys
[2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\sym_u3.sys
[2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\uliahci.sys
[2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\ulsata.sys
[2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\ulsata2.sys
[2007.01.03 13:26:20 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\viaide.sys
[2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) Unable to obtain MD5 -- C:\Windows\System32\drivers\vsmraid.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2011.06.17 01:39:00 | 000,353,584 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iedkcs32.dll
[2010.10.05 20:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[2008.01.19 09:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
 
<          >

< End of report >

--- --- ---
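The "< MD5 for: ... >" section of the log above hashes every staged copy of each driver (DriverStore, WinSxS) but reports "Unable to obtain MD5" for the copy actually loaded from System32\drivers; TDSSKiller, run later in this thread, does hash the live file. The Python below is an added example, not part of the thread, OTL or TDSSKiller: it joins the two logs, takes for each driver the staged copies whose timestamp and size equal the live file's, and checks the live hash TDSSKiller reports against them. A live driver with identical metadata but a different hash is what a patched driver looks like, since timestamps and sizes are trivially preserved. The sample input is copied from the two logs in this thread; the "tampered" TDSSKiller line is constructed to exercise the mismatch branch.

```python
"""Cross-check OTL '< MD5 for: ... >' blocks against TDSSKiller's live driver hashes."""
import re

# One OTL md5 entry; the live copy may say "Unable to obtain MD5" instead of a hash.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| \S{4} \| M\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)
OTL_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
# One TDSSKiller driver line: date time pid service (md5) path
TDSS_ENTRY = re.compile(
    r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+\S+ \((?P<md5>[0-9A-Fa-f]{32})\) (?P<path>.+)$"
)


def is_live_copy(path):
    """The copy Windows loads sits under System32; DriverStore/WinSxS hold staged copies."""
    p = path.lower()
    return p.startswith("c:\\windows\\system32\\") and "\\driverstore\\" not in p


def parse_otl_md5(text):
    """{driver name (lower): [entry dicts]} from OTL's /md5start ... /md5stop section."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = OTL_HEADER.match(line)
        if header:
            current = blocks.setdefault(header["name"].lower(), [])
            continue
        entry = OTL_ENTRY.match(line)
        if entry and current is not None:
            e = entry.groupdict()
            e["md5"] = e["md5"].upper() if e["md5"] else None
            e["live"] = is_live_copy(e["path"])
            current.append(e)
    return blocks


def parse_tdss(text):
    """{path (lower): MD5 (upper)} from TDSSKiller's driver enumeration."""
    hashes = {}
    for raw in text.splitlines():
        m = TDSS_ENTRY.match(raw.strip())
        if m:
            hashes[m["path"].lower()] = m["md5"].upper()
    return hashes


def cross_check(otl_text, tdss_text):
    """Per driver: (verdict, live hash, reference hashes). Verdict is 'match',
    'mismatch', 'unverified' (no hash for the live file at all) or
    'no-reference' (no staged copy shares the live file's timestamp and size)."""
    live_hashes = parse_tdss(tdss_text)
    verdicts = {}
    for name, entries in parse_otl_md5(otl_text).items():
        live = next((e for e in entries if e["live"]), None)
        if live is None:
            continue
        expected = sorted({e["md5"] for e in entries
                           if not e["live"] and e["md5"]
                           and (e["ts"], e["size"]) == (live["ts"], live["size"])})
        # Prefer OTL's own hash when it got one; otherwise use TDSSKiller's.
        actual = live["md5"] or live_hashes.get(live["path"].lower())
        if actual is None:
            verdict = "unverified"
        elif not expected:
            verdict = "no-reference"
        elif actual in expected:
            verdict = "match"
        else:
            verdict = "mismatch"
        verdicts[name] = (verdict, actual, expected)
    return verdicts


# Sample input copied from the OTL log in this thread (two blocks, shortened).
OTL_SAMPLE = r"""
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\AGP440.sys

< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys
"""
# Live-file hashes as TDSSKiller reports them further down in this thread.
TDSS_SAMPLE = r"""
2011/06/21 16:58:54.0821 3652 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/21 16:58:55.0747 3652 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
"""
# Constructed negative case (not from the thread): same metadata, different hash.
TDSS_TAMPERED = r"""
2011/06/21 16:58:55.0747 3652 atapi (00000000000000000000000000000000) C:\Windows\system32\drivers\atapi.sys
"""

if __name__ == "__main__":
    for name, (verdict, actual, expected) in cross_check(OTL_SAMPLE, TDSS_SAMPLE).items():
        print(f"{name:12} {verdict:12} live={actual} reference={expected}")
```

On this machine both live drivers come back "match": the hash TDSSKiller reads from System32\drivers equals the hash OTL computed for the staged copy with the same date and size, so OTL's "Unable to obtain MD5" was a file-access problem (sptd.sys was active, see the defogger output), not a sign of tampering. Any "mismatch" or "no-reference" result is where a hand inspection of the driver should start.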

cosinus 21.06.2011 10:43

Run an OTL fix: close any programs that may be open, also disable your antivirus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011.06.16 21:13:55 | 000,012,146 | -HS- | C] () -- C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 21:13:55 | 000,012,134 | -HS- | C] () -- C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
:Commands
[purity]
[resethosts]

Then click the Fix! button at the top left.
The log file should open once you click OK after the fix has run; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
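What the fix script above targets, as a triage that can be run over an OTL log: the MountPoints2 entries whose Shell\AutoRun\command launches F:\autorun.exe when the volume mounts, the hidden+system files with random alphanumeric names under AppData\Local and ProgramData (the scareware's droppings), and a hosts-file reset. The Python below is an added example, not code from the thread or from OTL; it parses those OTL line formats, flags the entries, and assembles a fix block in the same layout as the one posted above. The "random name" heuristic (length, no extension, digits mixed with letters) is an assumption of this example, and the sample lines are copied from this thread, with one plain Adobe .ini from the log as a negative control.

```python
"""Triage the OTL entries a fix script targets and emit the fix in OTL's own format."""
import re

# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <command run when the volume mounts>
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$', re.I)
MOUNTPOINT_ANY = re.compile(r"^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\", re.I)
CDROM_AUTORUN = re.compile(r"^O32 - HKLM CDRom: AutoRun - 1$")
# OTL file line: [date time | size | attrs | C] (company) -- path
FILE_LINE = re.compile(
    r"^\[[\d.]+ [\d:]+ \| [\d,]+ \| (?P<attrs>\S{4}) \| [CM]\] \([^)]*\) -- (?P<path>.+)$")
SUSPECT_DIRS = ("\\appdata\\local\\", "\\programdata\\")


def autorun_mountpoints(lines):
    """{guid: command} for every MountPoints2 entry that launches something on mount."""
    found = {}
    for line in lines:
        m = MOUNTPOINT_CMD.match(line.strip())
        if m:
            found[m["guid"].lower()] = m["cmd"]
    return found


def looks_random(name):
    """Heuristic (an assumption of this example): a long, extension-less
    alphanumeric blob mixing digits and letters, like the two files in the fix."""
    return (len(name) >= 16 and "." not in name and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def hidden_system_droppings(lines):
    """Paths of hidden+system files with random names under AppData\\Local or ProgramData."""
    hits = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        attrs, path = m["attrs"].upper(), m["path"]
        in_suspect_dir = any(d in path.lower() for d in SUSPECT_DIRS)
        if "H" in attrs and "S" in attrs and in_suspect_dir \
                and looks_random(path.rsplit("\\", 1)[-1]):
            hits.append(path)
    return hits


def build_otl_fix(lines):
    """Assemble an OTL fix block: the O32 CD-ROM autorun line, both O33 lines of
    each offending mount point, the dropped files, then purity and a hosts reset."""
    guids = autorun_mountpoints(lines)
    droppings = set(hidden_system_droppings(lines))
    out = [":OTL"]
    for raw in lines:
        line = raw.strip()
        mp = MOUNTPOINT_ANY.match(line)
        fl = FILE_LINE.match(line)
        if CDROM_AUTORUN.match(line) or (mp and mp["guid"].lower() in guids) \
                or (fl and fl["path"] in droppings):
            out.append(line)
    out += [":Commands", "[purity]", "[resethosts]"]
    return "\n".join(out)


# Sample lines copied from the OTL log and fix script in this thread; the last
# one (a plain Adobe .ini under AppData\Local) is a negative control.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011.06.16 21:13:55 | 000,012,146 | -HS- | C] () -- C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 21:13:55 | 000,012,134 | -HS- | C] () -- C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2007.05.05 22:51:45 | 000,045,568 | ---- | C] () -- C:\Users\x\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
""".strip().splitlines()

if __name__ == "__main__":
    print(build_otl_fix(SAMPLE_LOG))
```

Run stand-alone it prints a block identical in layout to the one cosinus posted. Note that the O33 match keys on the GUID, so the "\Shell" line and the "\Shell\AutoRun\command" line of the same mount point are both removed; leaving the former behind would keep a dangling AutoRun verb in the registry.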

Enpece 21.06.2011 12:40

That's what I did.

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5446f506-158c-11dc-995f-0013773547ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5446f506-158c-11dc-995f-0013773547ed}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83f56081-1530-11dc-b287-0013773547ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83f56081-1530-11dc-b287-0013773547ed}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9eb4dff4-150a-11dc-9df7-0013773547ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9eb4dff4-150a-11dc-9df7-0013773547ed}\ not found.
File F:\autorun.exe not found.
C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2 moved successfully.
C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.0 log created on 06212011_133742

cosinus 21.06.2011 13:18

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool by right-clicking it and choosing "Run as administrator"!

Enpece 21.06.2011 16:02

Here is the TDSS log:

2011/06/21 16:58:33.0706 3752 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/21 16:58:34.0071 3752 ================================================================================
2011/06/21 16:58:34.0072 3752 SystemInfo:
2011/06/21 16:58:34.0072 3752
2011/06/21 16:58:34.0072 3752 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/21 16:58:34.0072 3752 Product type: Workstation
2011/06/21 16:58:34.0072 3752 ComputerName: x-PC
2011/06/21 16:58:34.0072 3752 UserName: x
2011/06/21 16:58:34.0072 3752 Windows directory: C:\Windows
2011/06/21 16:58:34.0072 3752 System windows directory: C:\Windows
2011/06/21 16:58:34.0072 3752 Processor architecture: Intel x86
2011/06/21 16:58:34.0072 3752 Number of processors: 2
2011/06/21 16:58:34.0072 3752 Page size: 0x1000
2011/06/21 16:58:34.0072 3752 Boot type: Normal boot
2011/06/21 16:58:34.0072 3752 ================================================================================
2011/06/21 16:58:35.0154 3752 Initialize success
2011/06/21 16:58:53.0146 3652 ================================================================================
2011/06/21 16:58:53.0146 3652 Scan started
2011/06/21 16:58:53.0146 3652 Mode: Manual;
2011/06/21 16:58:53.0146 3652 ================================================================================
2011/06/21 16:58:53.0994 3652 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/21 16:58:54.0130 3652 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/21 16:58:54.0287 3652 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/21 16:58:54.0323 3652 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/21 16:58:54.0362 3652 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/21 16:58:54.0544 3652 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/06/21 16:58:54.0652 3652 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/06/21 16:58:54.0821 3652 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/21 16:58:54.0857 3652 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/21 16:58:54.0909 3652 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/06/21 16:58:55.0051 3652 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/21 16:58:55.0100 3652 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/06/21 16:58:55.0257 3652 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/21 16:58:55.0290 3652 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/21 16:58:55.0454 3652 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/21 16:58:55.0497 3652 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/21 16:58:55.0701 3652 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/21 16:58:55.0747 3652 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/21 16:58:55.0855 3652 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
2011/06/21 16:58:56.0051 3652 atikmdag (1fd94b167a03c4e9909f6e28a6320019) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/21 16:58:56.0255 3652 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/06/21 16:58:56.0530 3652 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/21 16:58:56.0731 3652 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/21 16:58:56.0777 3652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/21 16:58:56.0806 3652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/21 16:58:56.0939 3652 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/21 16:58:56.0999 3652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/21 16:58:57.0029 3652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/21 16:58:57.0159 3652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/21 16:58:57.0220 3652 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/21 16:58:57.0350 3652 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/21 16:58:57.0449 3652 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/21 16:58:57.0627 3652 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/21 16:58:57.0687 3652 CLBStor (3f6fd6ab34364d5ae54ee2e011123f4c) C:\Windows\system32\drivers\CLBStor.sys
2011/06/21 16:58:57.0831 3652 CLBUDF (474af5894ce5e507c80a687c5e5ded31) C:\Windows\system32\drivers\CLBUDF.sys
2011/06/21 16:58:57.0884 3652 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/21 16:58:58.0054 3652 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/21 16:58:58.0103 3652 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/06/21 16:58:58.0136 3652 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/21 16:58:58.0180 3652 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/21 16:58:58.0307 3652 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/21 16:58:58.0398 3652 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/06/21 16:58:58.0563 3652 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/21 16:58:58.0632 3652 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/21 16:58:58.0712 3652 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/21 16:58:58.0885 3652 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/21 16:58:58.0972 3652 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/21 16:58:59.0133 3652 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/21 16:58:59.0333 3652 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/21 16:58:59.0385 3652 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/21 16:58:59.0451 3652 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/21 16:58:59.0625 3652 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/21 16:58:59.0669 3652 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/21 16:58:59.0717 3652 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/21 16:58:59.0863 3652 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/21 16:58:59.0950 3652 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/21 16:59:00.0120 3652 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/21 16:59:00.0298 3652 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/21 16:59:00.0360 3652 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/21 16:59:00.0524 3652 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/21 16:59:00.0570 3652 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/21 16:59:00.0720 3652 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/21 16:59:00.0772 3652 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/21 16:59:00.0826 3652 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/21 16:59:00.0970 3652 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/21 16:59:01.0038 3652 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/21 16:59:01.0183 3652 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/21 16:59:01.0227 3652 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/21 16:59:01.0348 3652 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/21 16:59:01.0530 3652 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2011/06/21 16:59:01.0602 3652 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/21 16:59:01.0794 3652 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/21 16:59:01.0865 3652 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/21 16:59:01.0897 3652 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/21 16:59:02.0046 3652 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/21 16:59:02.0093 3652 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/21 16:59:02.0155 3652 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/21 16:59:02.0303 3652 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/21 16:59:02.0349 3652 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/21 16:59:02.0697 3652 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
2011/06/21 16:59:02.0967 3652 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\Windows\system32\DRIVERS\k750mdfl.sys
2011/06/21 16:59:03.0028 3652 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\Windows\system32\DRIVERS\k750mdm.sys
2011/06/21 16:59:03.0171 3652 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/21 16:59:03.0218 3652 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/06/21 16:59:03.0374 3652 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
2011/06/21 16:59:03.0412 3652 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
2011/06/21 16:59:03.0591 3652 KLIF (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys
2011/06/21 16:59:03.0746 3652 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
2011/06/21 16:59:03.0777 3652 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/06/21 16:59:03.0831 3652 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
2011/06/21 16:59:03.0994 3652 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/21 16:59:04.0170 3652 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/06/21 16:59:04.0219 3652 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/21 16:59:04.0287 3652 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/21 16:59:04.0439 3652 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/21 16:59:04.0554 3652 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/21 16:59:04.0687 3652 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/21 16:59:04.0757 3652 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/21 16:59:04.0940 3652 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/21 16:59:05.0057 3652 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/21 16:59:05.0115 3652 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/21 16:59:05.0236 3652 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/21 16:59:05.0369 3652 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/21 16:59:05.0411 3652 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/21 16:59:05.0449 3652 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/21 16:59:05.0566 3652 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/21 16:59:05.0626 3652 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/21 16:59:05.0691 3652 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/21 16:59:05.0824 3652 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/21 16:59:05.0870 3652 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/21 16:59:05.0912 3652 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/06/21 16:59:06.0036 3652 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/21 16:59:06.0120 3652 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/21 16:59:06.0256 3652 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/21 16:59:06.0311 3652 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/21 16:59:06.0372 3652 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/21 16:59:06.0498 3652 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/21 16:59:06.0549 3652 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/21 16:59:06.0594 3652 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/21 16:59:06.0708 3652 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/21 16:59:06.0748 3652 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/21 16:59:06.0824 3652 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/21 16:59:06.0983 3652 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/21 16:59:07.0128 3652 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/21 16:59:07.0171 3652 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/21 16:59:07.0225 3652 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/21 16:59:07.0315 3652 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/21 16:59:07.0423 3652 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/21 16:59:07.0506 3652 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/21 16:59:07.0580 3652 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/21 16:59:07.0687 3652 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/21 16:59:07.0773 3652 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/21 16:59:07.0884 3652 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/21 16:59:08.0070 3652 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/21 16:59:08.0107 3652 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/21 16:59:08.0144 3652 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/21 16:59:08.0173 3652 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/21 16:59:08.0318 3652 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/21 16:59:08.0416 3652 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/21 16:59:08.0574 3652 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/21 16:59:08.0622 3652 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/21 16:59:08.0651 3652 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/21 16:59:08.0695 3652 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/21 16:59:08.0865 3652 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/06/21 16:59:08.0902 3652 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/21 16:59:09.0013 3652 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/21 16:59:09.0202 3652 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/21 16:59:09.0270 3652 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/21 16:59:09.0323 3652 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/21 16:59:09.0478 3652 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/21 16:59:09.0624 3652 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/21 16:59:09.0689 3652 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/21 16:59:09.0807 3652 R300 (1fd94b167a03c4e9909f6e28a6320019) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/21 16:59:09.0978 3652 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/21 16:59:10.0038 3652 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/21 16:59:10.0138 3652 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/21 16:59:10.0203 3652 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/21 16:59:10.0253 3652 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/21 16:59:10.0365 3652 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/21 16:59:10.0455 3652 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/21 16:59:10.0481 3652 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/21 16:59:10.0541 3652 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/21 16:59:10.0693 3652 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/21 16:59:10.0776 3652 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/21 16:59:10.0812 3652 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/21 16:59:10.0932 3652 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
2011/06/21 16:59:11.0032 3652 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/21 16:59:11.0085 3652 RTL8023xp (f7a8c9024e82534cec50613d87e88645) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/06/21 16:59:11.0197 3652 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/21 16:59:11.0303 3652 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/21 16:59:11.0404 3652 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/21 16:59:11.0446 3652 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/21 16:59:11.0478 3652 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/21 16:59:11.0554 3652 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/21 16:59:11.0690 3652 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/21 16:59:11.0747 3652 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/21 16:59:11.0880 3652 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/21 16:59:11.0919 3652 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/21 16:59:11.0971 3652 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/21 16:59:12.0088 3652 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/21 16:59:12.0134 3652 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/21 16:59:12.0201 3652 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/21 16:59:12.0356 3652 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/21 16:59:12.0468 3652 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys
2011/06/21 16:59:12.0626 3652 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/21 16:59:12.0702 3652 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/21 16:59:12.0828 3652 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/21 16:59:13.0146 3652 SSHDRV86 (b9e31f2a3640403b0ea3a867bb73b9f4) C:\Windows\system32\drivers\SSHDRV86.sys
2011/06/21 16:59:13.0394 3652 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/06/21 16:59:13.0477 3652 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/06/21 16:59:13.0660 3652 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/21 16:59:13.0702 3652 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/21 16:59:13.0736 3652 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/21 16:59:13.0768 3652 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/21 16:59:13.0981 3652 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/06/21 16:59:14.0192 3652 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/21 16:59:14.0369 3652 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/21 16:59:14.0420 3652 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/21 16:59:14.0561 3652 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/21 16:59:14.0617 3652 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/21 16:59:14.0659 3652 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/21 16:59:14.0846 3652 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/21 16:59:14.0910 3652 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/21 16:59:14.0969 3652 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/21 16:59:15.0119 3652 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/21 16:59:15.0175 3652 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/21 16:59:15.0268 3652 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/21 16:59:15.0386 3652 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/21 16:59:15.0438 3652 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/21 16:59:15.0493 3652 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/21 16:59:15.0615 3652 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/21 16:59:15.0821 3652 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
2011/06/21 16:59:15.0856 3652 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/21 16:59:15.0898 3652 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/21 16:59:16.0045 3652 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/21 16:59:16.0100 3652 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/21 16:59:16.0148 3652 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/21 16:59:16.0287 3652 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/21 16:59:16.0331 3652 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/21 16:59:16.0387 3652 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/21 16:59:16.0531 3652 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/21 16:59:16.0575 3652 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/21 16:59:16.0607 3652 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/21 16:59:16.0649 3652 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/06/21 16:59:16.0784 3652 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/21 16:59:16.0832 3652 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/21 16:59:16.0869 3652 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/21 16:59:17.0007 3652 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/21 16:59:17.0076 3652 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/21 16:59:17.0120 3652 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/21 16:59:17.0141 3652 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/21 16:59:17.0296 3652 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/21 16:59:17.0362 3652 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/21 16:59:17.0604 3652 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/21 16:59:17.0724 3652 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/21 16:59:17.0824 3652 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/21 16:59:17.0916 3652 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/21 16:59:17.0981 3652 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/21 16:59:18.0006 3652 ================================================================================
2011/06/21 16:59:18.0007 3652 Scan finished
2011/06/21 16:59:18.0007 3652 ================================================================================
2011/06/21 16:59:18.0024 1252 Detected object count: 0
2011/06/21 16:59:18.0024 1252 Actual detected object count: 0
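The TDSSKiller log above is a flat list of "service (md5) path" lines followed by an MBR hash and a detection count. When reviewing such logs by hand it helps to parse them into records and run a couple of cheap heuristics before reading line by line. The following Python is an added example for this thread, not code from TDSSKiller or from either poster. Its sample input consists of lines copied from the log posted above plus one constructed line (the hypothetical service "xyzdrv" under %TEMP%) that is not in the posted log and exists only to exercise the path check. The heuristics flag entries for manual review; they are not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Sample input: real lines from the posted TDSSKiller log, plus ONE constructed
# line ("xyzdrv", all-zero hash, path under %TEMP%) that is NOT in the posted
# log and only exists to trigger the path heuristic below.
SAMPLE_LOG = """\
2011/06/21 16:58:53.0146 3652 Scan started
2011/06/21 16:58:53.0146 3652 Mode: Manual;
2011/06/21 16:58:53.0994 3652 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\\Windows\\system32\\drivers\\acpi.sys
2011/06/21 16:58:57.0884 3652 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\\Windows\\system32\\CLFS.sys
2011/06/21 16:59:12.0468 3652 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\\Windows\\System32\\Drivers\\sptd.sys
2011/06/21 16:59:13.0981 3652 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\\Windows\\system32\\drivers\\tcpip.sys
2011/06/21 16:59:14.0192 3652 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2011/06/21 16:59:17.0950 3652 xyzdrv (00000000000000000000000000000000) C:\\Users\\x\\AppData\\Local\\Temp\\xyzdrv.sys
2011/06/21 16:59:17.0981 3652 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0
2011/06/21 16:59:18.0007 3652 Scan finished
2011/06/21 16:59:18.0024 1252 Detected object count: 0
2011/06/21 16:59:18.0024 1252 Actual detected object count: 0
"""

# Every TDSSKiller line starts with "<date> <time> <thread-id> ".
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
MBR_RE = re.compile(PREFIX + r"MBR \((?P<size>0x[0-9A-Fa-f]+)\)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\S+)$")
COUNT_RE = re.compile(PREFIX + r"Actual detected object count:\s*(?P<n>\d+)$")

@dataclass
class Driver:
    name: str   # service / driver name as TDSSKiller reports it
    md5: str    # MD5 of the file on disk
    path: str   # file path as reported

@dataclass
class TdssReport:
    drivers: List[Driver]
    mbr_md5: Optional[str]      # hash of the boot sector TDSSKiller read
    detected: Optional[int]     # "Actual detected object count"

def parse_tdss_log(text: str) -> TdssReport:
    """Turn the raw TDSSKiller text into structured records."""
    drivers: List[Driver] = []
    mbr_md5: Optional[str] = None
    detected: Optional[int] = None
    for line in text.splitlines():
        m = MBR_RE.match(line)          # MBR line has an extra "(0x1B8)" field
        if m:
            mbr_md5 = m.group("md5")
            continue
        m = COUNT_RE.match(line)
        if m:
            detected = int(m.group("n"))
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m.group("name"), m.group("md5"), m.group("path").rstrip()))
    return TdssReport(drivers, mbr_md5, detected)

SYSTEM32 = "c:\\windows\\system32\\"

def find_review_items(report: TdssReport) -> Dict[str, list]:
    """Cheap first-pass heuristics. Output is a list of things to look at,
    not a verdict: a legitimate third-party driver can live outside system32."""
    outside_system32 = [d.name for d in report.drivers
                        if not d.path.lower().startswith(SYSTEM32)]
    # One hash registered under several service names is normal when it is
    # the same file (Tcpip/Tcpip6 -> tcpip.sys). The same bytes under two
    # different file names is worth a closer look.
    by_md5: Dict[str, Set[str]] = {}
    for d in report.drivers:
        by_md5.setdefault(d.md5, set()).add(d.path.lower().rsplit("\\", 1)[-1])
    shared_hash_diff_file = sorted(h for h, names in by_md5.items() if len(names) > 1)
    return {"outside_system32": outside_system32,
            "shared_hash_different_file": shared_hash_diff_file}

if __name__ == "__main__":
    rep = parse_tdss_log(SAMPLE_LOG)
    print(f"{len(rep.drivers)} driver entries, MBR md5 {rep.mbr_md5}, detected {rep.detected}")
    for key, items in find_review_items(rep).items():
        print(f"{key}: {items}")
```

On the posted log this reports a detection count of 0, the MBR hash, and no entries outside system32; only the constructed "xyzdrv" line is flagged. The MD5s in the log are only as useful as the reference set you compare them against, which this example does not ship.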

cosinus 21.06.2011 21:24

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Enpece 22.06.2011 00:12

Here is the ComboFix log:

ComboFix logfile:
Code:

ComboFix 11-06-21.05 - x 22.06.2011  0:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1789.1207 [GMT 2:00]
Running from:: c:\users\x\Desktop\cofi.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Steam\Steam.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Files Created from 2011-05-21 to 2011-06-21  ))))))))))))))))))))))))))))))
.
.
2011-06-21 23:04 . 2011-06-21 23:04        --------        d-----w-        c:\users\x\AppData\Local\temp
2011-06-21 22:53 . 2011-06-21 22:53        --------        d-----w-        C:\32788R22FWJFW
2011-06-21 11:37 . 2011-06-21 11:37        --------        d-----w-        C:\_OTL
2011-06-18 07:02 . 2011-06-18 07:02        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 23:14 . 2011-06-17 23:14        --------        d-----w-        c:\users\x\AppData\Roaming\runic games
2011-06-17 23:13 . 2009-09-04 15:44        515416        ----a-w-        c:\windows\system32\XAudio2_5.dll
2011-06-17 23:13 . 2009-09-04 15:44        238936        ----a-w-        c:\windows\system32\xactengine3_5.dll
2011-06-17 23:13 . 2009-09-04 15:29        453456        ----a-w-        c:\windows\system32\d3dx10_42.dll
2011-06-17 23:13 . 2009-09-04 15:29        235344        ----a-w-        c:\windows\system32\d3dx11_42.dll
2011-06-17 23:13 . 2009-09-04 15:29        5501792        ----a-w-        c:\windows\system32\d3dcsx_42.dll
2011-06-17 23:13 . 2009-09-04 15:29        1974616        ----a-w-        c:\windows\system32\D3DCompiler_42.dll
2011-06-17 23:13 . 2009-09-04 15:29        1892184        ----a-w-        c:\windows\system32\D3DX9_42.dll
2011-06-17 23:13 . 2009-09-04 15:44        69464        ----a-w-        c:\windows\system32\XAPOFX1_3.dll
2011-06-17 23:13 . 2008-07-31 08:41        68616        ----a-w-        c:\windows\system32\XAPOFX1_1.dll
2011-06-17 23:13 . 2008-07-31 08:40        509448        ----a-w-        c:\windows\system32\XAudio2_2.dll
2011-06-17 23:13 . 2008-07-31 08:41        238088        ----a-w-        c:\windows\system32\xactengine3_2.dll
2011-06-17 21:09 . 2011-06-17 21:11        --------        d-----w-        c:\program files\OpenOffice.org 3
2011-06-17 20:24 . 2011-06-18 06:35        --------        d-----w-        c:\program files\Common Files\Steam
2011-06-17 20:24 . 2011-06-21 23:04        --------        d-----w-        c:\program files\Steam
2011-06-17 18:15 . 2000-01-04 21:20        86016        ----a-w-        c:\windows\unvise32qt.exe
2011-06-17 18:15 . 2011-06-17 18:15        --------        d-----w-        c:\programdata\QuickTime
2011-06-17 17:32 . 2011-06-17 17:32        --------        d-----w-        c:\users\x\AppData\Local\SKIDROW
2011-06-17 16:16 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-17 16:15 . 2011-06-17 16:16        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-06-17 16:15 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-06-17 14:27 . 2011-06-17 14:27        --------        d-----w-        c:\programdata\Solidshield
2011-06-17 14:23 . 2011-06-17 14:23        --------        d-----w-        c:\program files\SystemRequirementsLab
2011-06-17 14:23 . 2011-06-17 14:23        --------        d-----w-        c:\users\x\SystemRequirementsLab
2011-06-17 11:43 . 2011-06-17 11:43        --------        d-----w-        c:\windows\Internet Logs
2011-06-17 11:35 . 2011-06-17 11:36        --------        d-----w-        c:\programdata\Tages
2011-06-17 09:57 . 2011-06-17 09:57        281760        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2011-06-17 09:57 . 2011-06-17 09:57        25888        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2011-06-17 09:56 . 2009-03-09 13:27        453456        ----a-w-        c:\windows\system32\d3dx10_41.dll
2011-06-17 09:56 . 2009-03-09 13:27        1846632        ----a-w-        c:\windows\system32\D3DCompiler_41.dll
2011-06-17 09:56 . 2009-03-09 13:27        4178264        ----a-w-        c:\windows\system32\D3DX9_41.dll
2011-06-17 09:56 . 2009-03-16 12:18        517448        ----a-w-        c:\windows\system32\XAudio2_4.dll
2011-06-17 09:56 . 2009-03-16 12:18        235352        ----a-w-        c:\windows\system32\xactengine3_4.dll
2011-06-17 09:56 . 2009-03-16 12:18        22360        ----a-w-        c:\windows\system32\X3DAudio1_6.dll
2011-06-17 09:56 . 2008-10-15 04:22        452440        ----a-w-        c:\windows\system32\d3dx10_40.dll
2011-06-17 09:56 . 2008-10-15 04:22        2036576        ----a-w-        c:\windows\system32\D3DCompiler_40.dll
2011-06-17 09:56 . 2008-10-15 04:22        4379984        ----a-w-        c:\windows\system32\D3DX9_40.dll
2011-06-17 09:35 . 2011-06-17 09:35        --------        d-----w-        c:\program files\CCleaner
2011-06-17 09:09 . 2011-06-17 09:09        --------        d-----w-        c:\users\x\AppData\Roaming\Thunderbird
2011-06-17 09:09 . 2011-06-17 09:09        --------        d-----w-        c:\users\x\AppData\Local\Thunderbird
2011-06-17 09:08 . 2011-06-17 09:09        --------        d-----w-        c:\program files\Mozilla Thunderbird
2011-06-16 23:39 . 2011-06-16 23:39        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2011-06-16 22:54 . 2011-06-16 22:54        --------        d-----w-        c:\program files\7-Zip
2011-06-16 22:08 . 2011-06-16 22:08        --------        d-----w-        c:\users\x\AppData\Roaming\CheckPoint
2011-06-16 22:07 . 2011-06-16 22:07        --------        d-----w-        c:\program files\CheckPoint
2011-06-16 22:07 . 2011-02-18 15:28        46592        ----a-w-        c:\windows\system32\vsutil_loc0407.dll
2011-06-16 22:06 . 2010-04-05 20:00        221568        ----a-w-        c:\windows\system32\drivers\netio.sys
2011-06-16 21:49 . 2010-10-05 18:26        109240        ----a-w-        c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak\components\abhelperxpcom.dll
2011-06-16 21:49 . 2011-06-16 21:49        --------        d--h--we        c:\programdata\AVP11
2011-06-16 21:49 . 2010-10-05 18:27        150200        ----a-w-        c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2011-06-16 21:49 . 2011-06-16 22:42        115369        ----a-w-        c:\windows\system32\drivers\klin.dat
2011-06-16 21:49 . 2011-06-16 22:42        97859        ----a-w-        c:\windows\system32\drivers\klick.dat
2011-06-16 21:47 . 2011-06-21 22:48        --------        d-----w-        c:\programdata\Kaspersky Lab
2011-06-16 21:47 . 2011-06-16 21:47        --------        d-----w-        c:\program files\Kaspersky Lab
2011-06-16 21:42 . 2011-06-16 21:42        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2011-06-16 19:44 . 2011-06-16 19:54        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-06-16 18:32 . 2011-06-16 18:32        --------        d-----w-        C:\$WINDOWS.~LS
2011-06-16 16:47 . 2011-05-24 17:12        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0221549-CAB0-45EA-9394-57DA644082DB}\mpengine.dll
2011-06-16 15:38 . 2011-06-16 15:38        --------        d-----w-        c:\users\x\AppData\Roaming\dvdcss
2011-06-15 08:08 . 2011-04-14 14:59        75264        ----a-w-        c:\windows\system32\drivers\dfsc.sys
2011-06-15 08:07 . 2011-04-21 13:58        273408        ----a-w-        c:\windows\system32\drivers\afd.sys
2011-06-15 08:07 . 2011-04-29 13:25        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-06-15 08:07 . 2011-04-29 13:25        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-06-15 08:07 . 2010-12-20 16:35        563712        ----a-w-        c:\windows\system32\oleaut32.dll
2011-06-15 08:06 . 2011-05-02 17:16        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-06-15 08:06 . 2011-05-02 12:02        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-06-15 08:06 . 2011-04-29 13:24        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 08:06 . 2011-04-29 13:24        79872        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 08:06 . 2011-04-29 13:24        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-05-29 08:07 . 2007-01-15 17:02        40960        ----a-w-        c:\windows\system32\IhDEV.exe
2011-05-29 08:07 . 2006-11-02 05:21        319456        ----a-w-        c:\windows\system32\DIFxAPI.dll
2011-05-29 08:07 . 2006-11-21 09:15        24576        ----a-w-        c:\windows\system32\IhINF.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-03 10:22        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-05-19 15:49 . 2011-05-19 15:49        0        ----a-w-        c:\users\x\AppData\Local\BIT72C8.tmp
2011-05-04 02:52 . 2010-04-26 09:34        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-04-13 22:40 . 2011-04-13 22:40        4284416        ----a-w-        c:\windows\system32\GPhotos.scr
2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-14 16:40 . 2011-06-17 09:05        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\AVP11\kloehk.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSLAB Logger
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSLAB Logger Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 11:49        153136        ----a-w-        c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 16:53        153136        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27        144784        ----a-w-        c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bcfilter;Jetico Personal Firewall Network Monitor;c:\windows\system32\DRIVERS\bcfilter.sys [x]
R3 BcfilterMP;BcfilterMP;c:\windows\system32\DRIVERS\bcfilter.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-28 721904]
S0 CLBStor;InstantBurn Storage Helper Driver; [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [2007-06-07 81408]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-06 13312]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\x\AppData\Roaming\Mozilla\Firefox\Profiles\9ciqrqne.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-Steam App 18500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4540 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-22 01:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:090016e3
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:090016e3
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001377
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2011-06-22  01:08:36
ComboFix-quarantined-files.txt  2011-06-21 23:08
.
Vor Suchlauf: 15 Verzeichnis(se), 30.742.257.664 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 30.554.456.064 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 51C858135162652C114A1E03409A3386

--- --- ---

cosinus 22.06.2011 10:49

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query performed by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

Enpece 22.06.2011 18:20

Here are the logs:
Gmer:

GMER Logfile:
Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-22 19:05:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC70P
Running: 3t4rpm7l.exe; Driver: C:\Users\x\AppData\Local\Temp\uglcikow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwAdjustPrivilegesToken [0x8DE1FDAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwAlpcConnectPort [0x8DE21FE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwAlpcCreatePort [0x8DE22262]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwAlpcSendWaitReceivePort [0x8DE224D8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwClose [0x8DE206BE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwConnectPort [0x8DE214F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateEvent [0x8DE21A3C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateFile [0x8DE2099A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateMutant [0x8DE21922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateNamedPipeFile [0x8DE1F998]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreatePort [0x8DE217F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateSection [0x8DE1FB40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateSemaphore [0x8DE21B5C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateThread [0x8DE20344]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateWaitablePort [0x8DE2188C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwDebugActiveProcess [0x8DE2324A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwDeviceIoControlFile [0x8DE20E1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwDuplicateObject [0x8DE24458]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwFsControlFile [0x8DE20C2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwLoadDriver [0x8DE2333C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwMapViewOfSection [0x8DE23AA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwOpenEvent [0x8DE21AD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwOpenFile [0x8DE20740]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwOpenMutant [0x8DE219B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwOpenProcess [0x8DE1FFE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwOpenSection [0x8DE2383E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwOpenSemaphore [0x8DE21BF2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwOpenThread [0x8DE1FED8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwQueryDirectoryObject [0x8DE227DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwQuerySection [0x8DE23DDE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwQueueApcThread [0x8DE236D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwReplaceKey [0x8DE1E652]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwReplyPort [0x8DE21F56]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwReplyWaitReceivePort [0x8DE21E1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwRequestWaitReplyPort [0x8DE22FE4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwRestoreKey [0x8DE1E9CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwResumeThread [0x8DE242FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwSaveKey [0x8DE1E5EA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwSecureConnectPort [0x8DE21238]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwSetContextThread [0x8DE20560]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwSetInformationToken [0x8DE2287E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwSetSecurityObject [0x8DE234DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwSetSystemInformation [0x8DE23F2E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwSuspendProcess [0x8DE24020]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwSuspendThread [0x8DE2415A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwSystemDebugControl [0x8DE2316E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwTerminateProcess [0x8DE2018E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwTerminateThread [0x8DE200E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwUnmapViewOfSection [0x8DE23C82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwWriteVirtualMemory [0x8DE2027A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateThreadEx [0x8DE20442]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                    ZwCreateUserProcess [0x8DE22722]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!KeInsertQueue + 309                                                                                        82CA2900 4 Bytes  [AA, FD, E1, 8D] {STOSB ; STD ; LOOPZ 0xffffffffffffff91}
.text          ntoskrnl.exe!KeInsertQueue + 32D                                                                                        82CA2924 8 Bytes  CALL E5580B48
.text          ntoskrnl.exe!KeInsertQueue + 371                                                                                        82CA2968 4 Bytes  JMP E224D882
.text          ntoskrnl.exe!KeInsertQueue + 399                                                                                        82CA2990 2 Bytes  [BE, 06]
.text          ntoskrnl.exe!KeInsertQueue + 39C                                                                                        82CA2993 1 Byte  [8D]
.text          ...                                                                                                                   
.text          C:\Windows\system32\drivers\SSHDRV86.sys                                                                                section is writeable [0x8DE77000, 0x26354, 0xE8000020]
.pklstb        C:\Windows\system32\drivers\SSHDRV86.sys                                                                                entry point in ".pklstb" section [0x8DEAC000]
.relo2          C:\Windows\system32\drivers\SSHDRV86.sys                                                                                unknown last section [0x8DEC3000, 0x8E, 0x42000040]
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                  section is writeable [0x996A3300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                  section is writeable [0x996E6300, 0x1BEE, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                  [740F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                    [7414A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                [740FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                          [740EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                    [740F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                [740EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                    [74128395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                        [740FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                [740EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                [740EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                  [740E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                          [7417CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                            [7411C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                [740ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                          [740E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                        [740E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                            [740F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\udfs \UdfsCdRom                                                                                            CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.)
Device          \FileSystem\udfs \UdfsDisk                                                                                              CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device          \FileSystem\cdfs \Cdfs                                                                                                  CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                    0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x0B 0xF2 0xD2 0x2C ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}@Dhcpv6Iaid  151000803
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}@Dhcpv6Iaid  117571668
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid  117445666
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}@Dhcpv6Iaid  436207616
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}@Dhcpv6Iaid  151000803
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}@Dhcpv6State  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}@Dhcpv6Iaid  201331575
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}@Dhcpv6State  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid  100668450
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State  0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                        0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                      0x0B 0xF2 0xD2 0x2C ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                        0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                      0x0B 0xF2 0xD2 0x2C ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                        0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                      0x0B 0xF2 0xD2 0x2C ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                        0
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                      0x0B 0xF2 0xD2 0x2C ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                        0
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                      0x0B 0xF2 0xD2 0x2C ...
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}@Dhcpv6Iaid      151000803
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}@Dhcpv6Iaid      117571668
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid      117445666
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}@Dhcpv6Iaid      436207616
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}@Dhcpv6Iaid      151000803
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}@Dhcpv6State      0
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}@Dhcpv6Iaid      201331575
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}@Dhcpv6State      1
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid      100668450
Reg            HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State      0

---- EOF - GMER 1.0.15 ----

--- --- ---

Enpece 22.06.2011 18:21

OSAM:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:13:08 on 22.06.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~2\AVP11\kloehk.dll

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - ? - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\Windows\System32\Drivers\usbaapl.sys  (File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"BcfilterMP" (BcfilterMP) - ? - C:\Windows\System32\DRIVERS\bcfilter.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\x\AppData\Local\Temp\catchme.sys  (File not found)
"CyberLink InstantBurn UDF Filesystem" (CLBUDF) - "CyberLink Corporation." - C:\Windows\system32\drivers\CLBUDF.sys
"InstantBurn Storage Helper Driver" (CLBStor) - "Cyberlink Co.,Ltd." - C:\Windows\system32\drivers\CLBStor.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Jetico Personal Firewall Network Monitor" (Bcfilter) - ? - C:\Windows\System32\DRIVERS\bcfilter.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"SSHDRV86" (SSHDRV86) - ? - C:\Windows\system32\drivers\SSHDRV86.sys
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"uglcikow" (uglcikow) - ? - C:\Users\x\AppData\Local\Temp\uglcikow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
"Exec" - ? - C:\Windows\bdoscandel.exe  (File not found)
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
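
The OSAM report above is the kind of output that is normally read by eye: entries with publisher "?", with "(File not found)", or with "(Hidden registry entry, rootkit activity)" are what a log analyst looks for first. The following is an added triage script, not part of the original post and not code from OSAM or Online Solutions; it parses lines in OSAM's entry format (`"Name" (Service) - "Publisher" - path  (flags)`), tracks the `[Section]` and `-----( location )-----` headers, and ranks each entry. The severity rules and the list of "user-writable" directories are my assumptions, and the embedded sample report is constructed from a handful of entries modelled on the log above:

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OSAM entry line looks like:
#   "Name" (ServiceName) - "Publisher" - C:\path\file.sys  (Flag | Flag)
# Publisher is "?" when OSAM could not read version/signature info; the
# trailing parenthesised flags are optional.
ENTRY_RE = re.compile(
    r'^(?P<name>.+?) - (?P<publisher>"[^"]*"|\?) - (?P<path>.*?)'
    r'(?:\s+\((?P<flags>[^()]*)\))?\s*$'
)
SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]$')
LOCATION_RE = re.compile(r'^-----\( (?P<location>.+) \)-----$')

# Assumption: directories a normal user can write to. An unsigned driver or
# autorun pointing here deserves a closer look than one under System32.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\")
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Entry:
    section: str
    location: str
    name: str
    publisher: Optional[str]          # None when OSAM printed "?"
    path: str
    flags: List[str] = field(default_factory=list)
    severity: str = "low"
    reasons: List[str] = field(default_factory=list)


def _escalate(e: Entry, level: str, reason: str) -> None:
    if SEVERITY_RANK[level] > SEVERITY_RANK[e.severity]:
        e.severity = level
    e.reasons.append(reason)


def classify(e: Entry) -> Entry:
    """Assumed triage rules: hidden key > unknown publisher in user dir > unknown publisher."""
    missing = "File not found" in e.flags
    hidden = any(f.startswith("Hidden registry entry") for f in e.flags)
    in_user_dir = any(d in e.path.lower() for d in USER_WRITABLE)
    if hidden:
        _escalate(e, "high", "registry entry hidden from the Windows API (rootkit-style hiding)")
    if e.publisher is None and in_user_dir:
        _escalate(e, "medium" if missing else "high",
                  "no publisher information and the path is in a user-writable directory")
    if missing:
        _escalate(e, "low", "referenced file is missing (orphaned entry, usually a leftover)")
    elif e.publisher is None:
        _escalate(e, "medium", "no publisher information; verify the file's hash and signature")
    return e


def parse_report(text: str) -> List[Entry]:
    entries: List[Entry] = []
    section = location = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m.group("location")
            continue
        m = ENTRY_RE.match(line)
        if not m:                      # report header, scanner settings, footer
            continue
        pub = m.group("publisher")
        flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
        entries.append(classify(Entry(
            section=section, location=location, name=m.group("name"),
            publisher=None if pub == "?" else pub.strip('"'),
            path=m.group("path").strip().strip('"'), flags=flags)))
    return entries


def triage(text: str, min_level: str = "medium") -> List[Entry]:
    """Entries at or above min_level, most severe first."""
    hits = [e for e in parse_report(text)
            if SEVERITY_RANK[e.severity] >= SEVERITY_RANK[min_level]]
    return sorted(hits, key=lambda e: -SEVERITY_RANK[e.severity])


# Constructed sample in OSAM's report format, modelled on the log above.
SAMPLE_REPORT = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"CyberLink InstantBurn UDF Filesystem" (CLBUDF) - "CyberLink Corporation." - C:\Windows\system32\drivers\CLBUDF.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\x\AppData\Local\Temp\catchme.sys  (File not found)
"uglcikow" (uglcikow) - ? - C:\Users\x\AppData\Local\Temp\uglcikow.sys  (Hidden registry entry, rootkit activity | File not found)

[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT):
        print(f"[{e.severity:6}] {e.section}: {e.name} -> {e.path or '(no path)'}")
        for r in e.reasons:
            print(f"          - {r}")
```

One caveat a practitioner would want here: a randomly named driver in %TEMP% whose service key is hidden is exactly what a kernel rootkit looks like, but anti-rootkit scanners such as GMER also load a temporary driver of their own while scanning, and `catchme.sys` in the same directory is GMER's helper driver. So a hit like the `uglcikow` entry is a reason to check whether a scanner was running when OSAM took its snapshot before treating it as an infection, not a verdict on its own.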

Enpece 22.06.2011 18:22

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R40P/R41P
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 142):
0x82C35000 \SystemRoot\system32\ntoskrnl.exe
0x82C02000 \SystemRoot\system32\hal.dll
0x80C08000 \SystemRoot\system32\kdcom.dll
0x80C0F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80C7F000 \SystemRoot\system32\PSHED.dll
0x80C90000 \SystemRoot\system32\BOOTVID.dll
0x80C98000 \SystemRoot\system32\CLFS.SYS
0x80CD9000 \SystemRoot\system32\CI.dll
0x8800C000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8852E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x885AA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x885B7000 \SystemRoot\system32\drivers\acpi.sys
0x885FD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x88606000 \SystemRoot\system32\drivers\msisadrv.sys
0x8860E000 \SystemRoot\system32\drivers\pci.sys
0x88635000 \SystemRoot\System32\drivers\partmgr.sys
0x88644000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88647000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88651000 \SystemRoot\system32\drivers\volmgr.sys
0x88660000 \SystemRoot\System32\drivers\volmgrx.sys
0x886AA000 \SystemRoot\system32\drivers\pciide.sys
0x886B1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x886BF000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x886EC000 \SystemRoot\System32\drivers\mountmgr.sys
0x886FC000 \SystemRoot\system32\drivers\atapi.sys
0x88704000 \SystemRoot\system32\drivers\ataport.SYS
0x88722000 \SystemRoot\system32\drivers\fltmgr.sys
0x88754000 \SystemRoot\system32\drivers\fileinfo.sys
0x88764000 \SystemRoot\System32\Drivers\CLBStor.sys
0x88767000 \SystemRoot\System32\Drivers\ksecdd.sys
0x80DB9000 \SystemRoot\system32\drivers\ndis.sys
0x80EC4000 \SystemRoot\system32\drivers\msrpc.sys
0x80EEF000 \SystemRoot\system32\drivers\NETIO.SYS
0x88807000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88917000 \SystemRoot\system32\drivers\volsnap.sys
0x88950000 \SystemRoot\System32\Drivers\spldr.sys
0x88958000 \SystemRoot\System32\Drivers\mup.sys
0x88967000 \SystemRoot\System32\drivers\ecache.sys
0x8898E000 \SystemRoot\system32\drivers\disk.sys
0x8899F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x889C0000 \SystemRoot\system32\drivers\crcdisk.sys
0x889E9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x889F4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x889FD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88A0C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C808000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x88A10000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CF90000 \SystemRoot\System32\drivers\watchdog.sys
0x8CF9C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8CFA6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CFE4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88AB0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88AC8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x88B55000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CFF3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88B68000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x88B71000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88B7C000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x80F2A000 \SystemRoot\system32\DRIVERS\athr.sys
0x88B8D000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x88BA7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x88BB5000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x80FA0000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8C800000 \SystemRoot\system32\DRIVERS\serscan.sys
0x88BC9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D404000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D445000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D450000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D467000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D472000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D495000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D4A4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D4B8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D4CD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D4DD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D4DF000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D509000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D513000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D520000 \SystemRoot\System32\drivers\vga.sys
0x8D52C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D54D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D582000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D593000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8D6AF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D6B1000 \SystemRoot\system32\drivers\modem.sys
0x8DC01000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8DD92000 \SystemRoot\system32\drivers\portcls.sys
0x8DDBF000 \SystemRoot\system32\drivers\drmk.sys
0x8DDF3000 \SystemRoot\system32\DRIVERS\klif.sys
0x8DE76000 \??\C:\Windows\system32\drivers\SSHDRV86.sys
0x8DEC4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8DECD000 \SystemRoot\System32\Drivers\Null.SYS
0x8DED4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8DEDB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8DEE3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DEEB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DEF6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DF04000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DF0D000 \SystemRoot\System32\drivers\tcpip.sys
0x8D6BE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D6D9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DFFA000 \SystemRoot\system32\DRIVERS\kl2.sys
0x8D6EF000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D703000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D735000 \SystemRoot\system32\drivers\afd.sys
0x8D77D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D793000 \SystemRoot\system32\DRIVERS\klim6.sys
0x8D79B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D7A9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D7BC000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8D7C2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x887D8000 \SystemRoot\system32\drivers\nsiproxy.sys
0x887E2000 \SystemRoot\System32\Drivers\dfsc.sys
0x889C9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x889D6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x889E1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97480000 \SystemRoot\System32\win32k.sys
0x88000000 \SystemRoot\System32\drivers\Dxapi.sys
0x976A0000 \SystemRoot\System32\TSDDD.dll
0x976C0000 \SystemRoot\System32\cdd.dll
0x99408000 \SystemRoot\system32\drivers\luafv.sys
0x99423000 \SystemRoot\System32\Drivers\CLBUDF.SYS
0x99449000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9945F000 \SystemRoot\system32\DRIVERS\udfs.sys
0x9949A000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0x994AA000 \SystemRoot\system32\drivers\spsys.sys
0x9955A000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0x9958A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9959A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x995AD000 \SystemRoot\system32\drivers\HTTP.sys
0x9961A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99633000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99652000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9968B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x996A3000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x996E6000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x996EB000 \SystemRoot\system32\drivers\peauth.sys
0x997C9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x997D3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x997DF000 \??\C:\Users\x\AppData\Local\Temp\uglcikow.sys
0x8DDE4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77180000 \Windows\System32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
532 C:\Windows\System32\smss.exe
600 csrss.exe
640 C:\Windows\System32\wininit.exe
648 csrss.exe
684 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
756 C:\Windows\System32\winlogon.exe
896 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\audiodg.exe
1248 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\SLsvc.exe
1444 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\spoolsv.exe
1696 C:\Windows\System32\svchost.exe
1772 C:\Windows\System32\taskeng.exe
1780 C:\Windows\explorer.exe
1864 C:\Windows\System32\taskeng.exe
1996 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
2016 C:\Windows\System32\taskeng.exe
476 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
540 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
676 C:\Windows\RtHDVCpl.exe
904 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1056 C:\Windows\ehome\ehtray.exe
1112 C:\Program Files\Windows Media Player\wmpnscfg.exe
1328 C:\Windows\System32\agrsmsvc.exe
1364 C:\Windows\ehome\ehmsas.exe
1692 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1316 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2080 C:\Windows\System32\svchost.exe
2188 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2264 C:\Windows\System32\SearchIndexer.exe
2928 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3200 C:\Program Files\Windows Media Player\wmpnetwk.exe
1584 C:\Windows\System32\svchost.exe
3496 C:\Windows\System32\SearchProtocolHost.exe
3672 C:\Windows\System32\SearchFilterHost.exe
3528 C:\Users\x\Desktop\MBRCheck.exe
2864 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`c3300000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
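
MBRCheck above reports the volume byte offsets of C: and D:, a known MBR code family ("Windows 2008 MBR code detected") and a SHA1 of the boot sector. The script below is an added example of the same check, written for this edit; it is not MBRCheck's code and not part of the original thread. It parses one 512-byte sector: validates the 0x55AA signature, decodes the four partition entries, converts between byte offsets and LBAs (the page's 0x280100000 and 0x13c3300000 are used as the sample partition starts), and hashes the 440-byte bootstrap region for comparison against a caller-supplied allowlist. Two assumptions: the page does not say which bytes MBRCheck's SHA1 covers, so the hash computed here is not comparable to the one printed above, and the allowlist contents are yours to supply (a baseline taken from a known-clean install). The sample sector is constructed, with patterned filler in place of real boot code and made-up partition sizes:

```python
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440            # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440             # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"    # bytes 510..511


def byte_offset_to_lba(offset: int, sector_size: int = SECTOR_SIZE) -> int:
    """Convert a volume byte offset (as MBRCheck prints it) to a 512-byte LBA."""
    if offset % sector_size:
        raise ValueError(f"offset {offset:#x} is not sector-aligned")
    return offset // sector_size


def is_valid_mbr(sector: bytes) -> bool:
    return len(sector) == SECTOR_SIZE and sector[510:512] == MBR_SIGNATURE


def parse_mbr(sector: bytes) -> Dict:
    """Hash the bootstrap code and decode the partition table of one 512-byte sector."""
    if not is_valid_mbr(sector):
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    partitions: List[Dict] = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sectors(4, LE)
        status, ptype, lba_start, num_sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:                       # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": num_sectors,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        # Assumption: hash covers the bootstrap region only, so repartitioning
        # does not change it but patched boot code does.
        "bootstrap_sha1": hashlib.sha1(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good: Dict[str, str]) -> Dict:
    """parse_mbr() plus a lookup of the bootstrap hash in a caller-supplied allowlist."""
    info = parse_mbr(sector)
    info["bootstrap_label"] = known_good.get(info["bootstrap_sha1"])   # None = unknown code
    return info


def build_sample_mbr() -> bytes:
    """Constructed sector: patterned filler instead of real boot code, partition
    starts taken from the volume offsets MBRCheck reported above, sizes made up."""
    code = bytes((i * 7) & 0xFF for i in range(BOOTSTRAP_LEN))
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"

    def entry(status: int, ptype: int, lba: int, n: int) -> bytes:
        return struct.pack("<B3xB3xII", status, ptype, lba, n)

    table = (entry(0x80, 0x07, byte_offset_to_lba(0x280100000), 104857600)
             + entry(0x00, 0x07, byte_offset_to_lba(0x13C3300000), 52428800)
             + bytes(16) + bytes(16))
    sector = code + disk_sig + table + MBR_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    # On a live system the sector comes from open(r"\\.\PhysicalDrive0", "rb").read(512),
    # which needs administrator rights; here the constructed sample is used instead.
    sample = build_sample_mbr()
    result = check_mbr(sample, {})
    print("bootstrap SHA1:", result["bootstrap_sha1"], "known as:", result["bootstrap_label"])
    for p in result["partitions"]:
        print(f"  #{p['index']} type={p['type']:#04x} boot={p['bootable']} "
              f"LBA={p['lba_start']} offset={p['byte_offset']:#x} sectors={p['sectors']}")
```

The useful cross-check is the one MBRCheck's output invites: the byte offset it prints for each volume should equal `lba_start * 512` of a partition entry in the table, and the bootstrap hash should match a baseline you recorded yourself. A hash that is not in your allowlist only means "unknown code", which can be a legitimate boot manager as easily as a bootkit; an offset that does not match any partition entry, or a table that no longer describes the volumes Windows mounts, is the more direct sign that something has rewritten sector 0.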


Copyright ©2000-2025, Trojaner-Board

