Trojaner-Board - Merkwürdiges Verhalten aber keine Viren

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Merkwürdiges Verhalten aber keine Viren (https://www.trojaner-board.de/101555-merkwuerdiges-verhalten-keine-viren.html)

Merkwürdiges Verhalten aber keine Viren

Hallo Liebes Trojaner-Board Team,
auf der Suche nach der Fehlerbehebung meines Fehler/s bin ich auf euch Aufmerksam geworden.
Mein folgendes Anliegen:
Manche Programme starten nicht obwohl ich sie ordnungsgemäß starte (Windows 7 Nutzer).

Manche Bilder im Netz kann ich nicht sehen (aber halbso schlimm)
Vielmehr wundert mich es, das ich Malewarebytes 2mal durchlaufen ließ (Vollscann + Aktuallisiert) hat der kein Virus gefunden.
Mein Antivir ebenso.

In der hoffnung auf OTL hoffe ich, das ihr mir damit helfen könnt.
Virus habe ich defenitiv keine muss also defeckte exe oder sonstiges sein.

Zitat:

OTL Extras logfile created on: 21.07.2011 06:20:05 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\*****\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,72% Memory free
4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 385,16 Gb Free Space | 82,70% Space Free | Partition Type: NTFS
Drive D: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DEDF2885-0086-4534-9912-F9B97377ED07}" = AGEIA GAME System Software
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"HyperCam 2" = HyperCam 2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Veetle TV" = Veetle TV
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Länderfile Aserbaidschan" = Länderfile Aserbaidschan

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Bitte trotzdem ALLE Logs von Malwarebytes posten.

Führe auch bitte ESET aus, danach sehen wir weiter.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Ersteinmal, entschuldigung das es so lange gedauert hat aber aus beruflichen Gründen konnte ich nicht eher.
Dummerweise habe ich meine Logfile gelöscht sodas ich ein erneuten Scann machen musste. Und siehe da: 4 Funde.
Zur sicherheit mache füge ich noch eine OTL Log-File hinzu, zu Sicherheitshalber.

Hier Malewarebytes:

Zitat:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7223

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

21.07.2011 18:02:56
mbam-log-2011-07-21 (18-02-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 438390
Laufzeit: 1 Stunde(n), 20 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\********\AppData\LocalLow\Sun\Java\deployment\cache\6.0\15\36eab94f-16920b8b (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\********\AppData\Roaming\Adobe\plugs\mmc362998.txt (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\********\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\********\AppData\Roaming\Adobe\plugs\mmc217.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Diese habe ich natürlich sofort gelöscht

So nun zu aktuellen OTL:
OTL Logfile:

Code:

OTL logfile created on: 21.07.2011 18:04:41 - Run 5

OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\********\Downloads

 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,77% Memory free

4,00 Gb Paging File | 2,63 Gb Available in Paging File | 65,87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465,75 Gb Total Space | 379,88 Gb Free Space | 81,56% Space Free | Partition Type: NTFS

Drive D: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: ********-PC | User Name: ******** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.07.21 18:02:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\********\Downloads\OTL.exe

PRC - [2011.07.02 14:15:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.06.30 22:21:10 | 002,588,784 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe

PRC - [2011.06.24 08:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2011.06.24 08:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.05.05 14:15:53 | 003,071,384 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe

PRC - [2011.04.30 01:55:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2010.11.20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.11.20 05:17:02 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.07.21 18:02:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\********\Downloads\OTL.exe

MOD - [2010.11.20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- ({D8F737AD-AF9D-40ED-B1683075A1C327EA})

SRV - [2011.07.13 19:54:31 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.02 14:15:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.06.29 20:08:36 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)

SRV - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.04.30 01:55:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.12.10 07:36:00 | 003,648,584 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011.07.02 14:15:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.02 14:15:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.06.28 18:06:34 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2011.06.28 18:05:02 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2010.11.20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)

DRV - [2010.11.20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010.11.20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)

DRV - [2010.11.20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.11.20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010.11.20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)

DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)

DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)

DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 70 EF D1 68 DB CB 01  [binary data]

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"

FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 5

FF - prefs.js..extensions.enabledItems: 3

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}: C:\Users\********\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.21 16:20:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.21 16:20:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\********\AppData\Roaming\5015

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.21 17:09:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.10 18:51:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\********\AppData\Roaming\5015

 

[2011.05.27 06:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\Mozilla\Extensions

[2011.07.05 23:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions

[2011.04.14 07:01:00 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\battlefieldplay4free@ea.com

[2011.07.05 23:31:04 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\ffxtlbr@Facemoods.com

[2011.07.15 18:58:38 | 000,001,056 | ---- | M] () -- C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\searchplugins\icqplugin.xml

[2011.06.21 17:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- 

[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.12.30 21:03:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.07.05 23:31:05 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.05.16 16:18:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 0

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: infospyware.net ([www] https in Trusted sites)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]

O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - D:\autorun.dat -- [ UDF ]

O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts)

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.07.21 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.07.20 15:52:08 | 000,000,000 | ---D | C] -- C:\Temp

[2011.07.20 15:39:29 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys

[2011.07.20 15:39:29 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys

[2011.07.20 15:39:29 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys

[2011.07.20 15:39:29 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys

[2011.07.20 15:39:29 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys

[2011.07.20 15:39:29 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys

[2011.07.20 15:39:28 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys

[2011.07.20 15:38:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32

[2011.07.20 15:28:10 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Samsung

[2011.07.20 15:28:00 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\samsung

[2011.07.20 15:24:35 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys

[2011.07.20 15:24:35 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys

[2011.07.20 15:24:35 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys

[2011.07.20 15:24:35 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys

[2011.07.20 15:24:35 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys

[2011.07.20 15:24:35 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys

[2011.07.20 15:24:35 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys

[2011.07.20 15:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

[2011.07.20 15:23:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll

[2011.07.20 15:23:35 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll

[2011.07.20 15:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny

[2011.07.20 15:23:07 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Samsung

[2011.07.20 15:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

[2011.07.20 15:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung

[2011.07.18 01:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle

[2011.07.17 21:55:30 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\Trapped Dead

[2011.07.16 00:09:28 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Komplettes Länderfile Aserbaidschan

[2011.07.15 04:19:06 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\FalloutNV

[2011.07.10 18:59:53 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\UEFA EURO 2008

[2011.07.10 13:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2011.07.09 19:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com

[2011.07.09 19:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer

[2011.07.09 19:51:32 | 000,305,152 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe

[2011.07.09 16:12:11 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2011.07.09 16:12:11 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll

[2011.07.09 16:12:11 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2011.07.09 16:12:11 | 010,589,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2011.07.09 16:12:11 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2011.07.09 16:12:11 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2011.07.09 16:12:11 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2011.07.09 16:12:11 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220150.dll

[2011.07.09 16:12:11 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322090.dll

[2011.07.09 16:12:11 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

[2011.07.09 16:12:11 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd

[2011.07.09 03:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\AutoShutdownManager

[2011.07.08 23:57:55 | 000,000,000 | ---D | C] -- C:\Users\********\Desktop\Commando

[2011.07.07 14:49:03 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Fallout3

[2011.07.06 20:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Activision

[2011.07.06 19:47:47 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache

[2011.07.05 23:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader

[2011.07.03 16:08:11 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\FUSSBALL MANAGER 11 ONLINE

[2011.06.29 19:58:43 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\ts3overlay

[2011.06.27 15:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cossacks - Back To War

[2011.06.26 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\GTA San Andreas User Files

[2011.06.26 00:07:20 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\Windows\System32\dxtmeta2.dll

[2011.06.25 23:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes

[2011.06.25 23:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes

[2011.06.22 17:49:56 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys

[2011.06.22 17:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\AMD

[2011.06.22 17:49:53 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Downloaded Installations

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\********\AppData\Roaming\*.tmp files -> C:\Users\********\AppData\Roaming\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.07.21 18:00:23 | 000,025,328 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.07.21 18:00:23 | 000,025,328 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.07.21 08:41:12 | 000,001,078 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

[2011.07.21 08:41:12 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk

[2011.07.21 06:53:06 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk

[2011.07.21 06:33:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.07.20 16:23:16 | 000,678,770 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.07.20 16:23:16 | 000,628,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.07.20 16:23:16 | 000,138,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.07.20 16:23:16 | 000,114,108 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.07.20 15:50:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011.07.20 15:27:53 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk

[2011.07.18 04:54:26 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.07.14 00:32:17 | 000,001,697 | ---- | M] () -- C:\WarRock.ini

[2011.07.12 17:59:10 | 000,000,717 | ---- | M] () -- C:\Windows\QIII.INI

[2011.07.11 21:25:56 | 000,022,328 | ---- | M] () -- C:\Users\********\AppData\Roaming\PnkBstrK.sys

[2011.07.09 03:35:17 | 000,013,521 | ---- | M] () -- C:\Users\********\Desktop\herunterfahren.zip

[2011.07.07 01:40:55 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.07.04 16:26:28 | 000,174,013 | ---- | M] () -- C:\Users\********\Desktop\Unbenannt.png

[2011.07.02 14:15:35 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.07.02 14:15:35 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.06.28 18:06:34 | 000,271,360 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys

[2011.06.28 18:05:02 | 000,018,048 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys

[2011.06.27 17:47:59 | 000,002,210 | ---- | M] () -- C:\Users\********\.recently-used.xbel

[2011.06.27 15:08:52 | 000,053,248 | ---- | M] () -- C:\Windows\System32\unrar.dll

[2011.06.26 18:00:00 | 000,000,215 | ---- | M] () -- C:\Users\********\Desktop\Grand Theft Auto San Andreas.url

[2011.06.25 23:07:35 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\********\AppData\Roaming\*.tmp files -> C:\Users\********\AppData\Roaming\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.07.21 08:41:12 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

[2011.07.21 06:53:06 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk

[2011.07.20 15:50:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011.07.20 15:27:53 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk

[2011.07.09 19:51:29 | 000,000,717 | ---- | C] () -- C:\Windows\QIII.INI

[2011.07.09 03:43:26 | 000,013,521 | ---- | C] () -- C:\Users\********\Desktop\herunterfahren.zip

[2011.07.05 23:30:43 | 000,001,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk

[2011.07.05 23:30:42 | 000,001,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk

[2011.07.05 23:30:42 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk

[2011.07.04 16:26:27 | 000,174,013 | ---- | C] () -- C:\Users\********\Desktop\Unbenannt.png

[2011.06.28 18:05:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2011.06.28 18:05:02 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2011.06.27 17:47:59 | 000,002,210 | ---- | C] () -- C:\Users\********\.recently-used.xbel

[2011.06.27 15:08:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2011.06.26 00:00:08 | 000,000,215 | ---- | C] () -- C:\Users\********\Desktop\Grand Theft Auto San Andreas.url

[2011.06.25 23:07:35 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk

[2011.06.08 21:30:19 | 814,041,040 | ---- | C] () -- C:\Program Files\War_Rock_20110307_G1.exe

[2011.05.27 12:49:10 | 000,000,092 | ---- | C] () -- C:\Users\********\AppData\Local\fusioncache.dat

[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2011.05.15 12:58:47 | 000,000,012 | ---- | C] () -- C:\ProgramData\io.ini

[2011.04.30 20:58:41 | 000,000,096 | ---- | C] () -- C:\Windows\wininit.ini

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011.03.31 00:27:56 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini

[2011.03.19 23:24:26 | 000,000,080 | ---- | C] () -- C:\Users\********\AppData\Local\X-Plane Installer.prf

[2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2011.02.24 18:21:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.02.17 15:48:15 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI

[2011.02.09 13:03:04 | 000,000,239 | ---- | C] () -- C:\Windows\SIERRA.INI

[2011.02.07 02:34:41 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI

[2011.01.31 18:20:21 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

[2011.01.22 02:35:04 | 000,022,328 | ---- | C] () -- C:\Users\********\AppData\Roaming\PnkBstrK.sys

[2011.01.08 09:13:48 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

[2011.01.04 21:41:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009.07.14 10:47:43 | 000,678,770 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.07.14 10:47:43 | 000,138,914 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 04:05:48 | 000,628,662 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 04:05:48 | 000,114,108 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

 
 ========== LOP Check ==========

 

[2011.04.08 17:19:24 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\.minecraft

[2011.06.11 13:27:48 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Bioshock

[2011.02.02 19:38:12 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Command and Conquer 4

[2011.04.14 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Digitanks

[2011.01.03 06:12:13 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.05.01 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\FileZilla

[2011.02.05 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\FOG Downloader

[2011.05.07 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\GetRightToGo

[2011.06.27 17:47:59 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\gtk-2.0

[2011.05.27 00:37:25 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ICQ

[2011.04.12 14:17:53 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Leadertech

[2011.06.15 06:35:44 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\NationRed

[2011.04.06 05:36:09 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Petroglyph

[2011.05.09 18:25:03 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ProtectDisc

[2011.07.20 15:23:07 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Samsung

[2011.05.13 22:20:59 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\SoftGrid Client

[2011.05.27 00:37:27 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Sony

[2011.04.14 07:00:59 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\temp

[2011.02.07 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Thies Gerken

[2011.04.18 18:46:11 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TileRacer

[2011.06.10 16:48:03 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TS3Client

[2011.06.29 19:58:43 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ts3overlay

[2011.01.15 03:31:51 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TuneUp Software

[2011.04.14 05:56:41 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Uniblue

[2011.06.26 17:58:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

So nun weiter im Text bzw zum Vorpost:

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1fcb5fe6a33cdb4598493d9a34fa111b
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 03:44:40
# local_time=2011-07-21 05:44:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 39641 47799832 32434 0
# compatibility_mode=5893 16776574 100 94 8505727 62894202 0 0
# compatibility_mode=8192 67108863 100 0 264 264 0 0
# scanned=608
# found=0
# cleaned=0
# scan_time=69
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1fcb5fe6a33cdb4598493d9a34fa111b
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 04:10:33
# local_time=2011-07-21 06:10:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 41263 47801454 34056 0
# compatibility_mode=5893 16776574 100 94 8507349 62895824 0 0
# compatibility_mode=8192 67108863 100 0 1886 1886 0 0
# scanned=129
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1fcb5fe6a33cdb4598493d9a34fa111b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 05:49:57
# local_time=2011-07-21 07:49:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 41306 47801497 34099 0
# compatibility_mode=5893 16776574 100 94 8507392 62895867 0 0
# compatibility_mode=8192 67108863 100 0 1929 1929 0 0
# scanned=263552
# found=14
# cleaned=0
# scan_time=5921
C:\Program Files\GamersFirst\War Rock\system\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\Local\Mozilla\Firefox\Profiles\sdt57vlf.default\Cache\7\F7\762AAd01 JS/Kryptik.BI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\Local\Mozilla\Firefox\Profiles\sdt57vlf.default\Cache\D\3D\99CAFd01 JS/Kryptik.BD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-7ede5054 Java/Exploit.CVE-2010-4452.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4144d260-2008220c Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-340dfbab Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\72e2fe76-5bae2686 Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\10a506b7-42a91d93 a variant of Java/Exploit.CVE-2010-4452.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-258f31a1 a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-421b4a24 a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-4faea00c a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-64d63ec9 a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-6d62e673 a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\734cfb3f-44464849 Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I

Hoffe ihr versteht das was da angezeigt wird.
Für mich ist das irgendwie alles Chinesisch aber ich setze Vertrauen in euch.
Sers

Zitat:

Dummerweise habe ich meine Logfile gelöscht

Was heißt gelöscht? Absichtlich aus der Liste der Logdateien entfernt??

Vielleich hab ich mich falsch ausgedrückt.
Nach einer Anzahl ( eigenes Gefühl) lösche ich die da sie mir viel Platz wegnehmen und dadurch ist es für mich sehr unübersichtlich.
Daher habe ich dummerweise bzw nichts ahnend das man die noch brauch gelöscht.
Aber ich werde es mir merken und nächstes mal besser machen

Zitat:

lösche ich die da sie mir viel Platz wegnehmen

Logs sind reine Textdateien, die nehmen fast gar kein Platz weg!

Sind noch Dateien hier zu sehen => C:\Users\DEIN NAME\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Zitat:

C:\Program Files\GamersFirst\War Rock\system\WarRock.exe

Was soll das sein?

Zum ersten:
Ich meinte optisch :)

Zum zweiten:
Ein Online Spiel wo ich mit leuten/kollegen spiele.

Die Logs sind auch nicht mehr in dem besagten Pfad?

Nur denn ich oben gepostet habe.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

SRV - File not found [On_Demand | Stopped] --  -- ({D8F737AD-AF9D-40ED-B1683075A1C327EA})

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]

O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - D:\autorun.dat -- [ UDF ]

O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts)

[2011.07.20 15:38:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Vielen Dank für deine Hilfe.
Hier ist das OTL Ergebniss:

Zitat:

========== OTL ==========
Service {D8F737AD-AF9D-40ED-B1683075A1C327EA} stopped successfully!
Service {D8F737AD-AF9D-40ED-B1683075A1C327EA} deleted successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc86f325-1447-11e0-8218-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
C:\Windows\System32\System32 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07222011_150527

Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Zitat:

2011/07/22 17:52:38.0097 3824 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/22 17:52:38.0580 3824 ================================================================================
2011/07/22 17:52:38.0580 3824 SystemInfo:
2011/07/22 17:52:38.0580 3824
2011/07/22 17:52:38.0580 3824 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/22 17:52:38.0580 3824 Product type: Workstation
2011/07/22 17:52:38.0580 3824 ComputerName: ******-PC
2011/07/22 17:52:38.0580 3824 UserName: ******
2011/07/22 17:52:38.0580 3824 Windows directory: C:\Windows
2011/07/22 17:52:38.0580 3824 System windows directory: C:\Windows
2011/07/22 17:52:38.0580 3824 Processor architecture: Intel x86
2011/07/22 17:52:38.0580 3824 Number of processors: 2
2011/07/22 17:52:38.0580 3824 Page size: 0x1000
2011/07/22 17:52:38.0580 3824 Boot type: Normal boot
2011/07/22 17:52:38.0580 3824 ================================================================================
2011/07/22 17:52:41.0123 3824 Initialize success

Unhide brauche ich anwenden da ich alles sehen und auch anwenden kann

Log ist zu kurz - hast du beide Haken gesetzt?

Ja
Die waren auch schon so.

Das glaub ich so nicht ganz, probier es bitte nochmal.

Komisch, jetzt hat es auf anhieb geklappt:

Zitat:

2011/07/23 00:51:18.0222 5620 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 00:51:18.0689 5620 ================================================================================
2011/07/23 00:51:18.0690 5620 SystemInfo:
2011/07/23 00:51:18.0690 5620
2011/07/23 00:51:18.0690 5620 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/23 00:51:18.0690 5620 Product type: Workstation
2011/07/23 00:51:18.0690 5620 ComputerName: ******-PC
2011/07/23 00:51:18.0691 5620 UserName: ******
2011/07/23 00:51:18.0691 5620 Windows directory: C:\Windows
2011/07/23 00:51:18.0691 5620 System windows directory: C:\Windows
2011/07/23 00:51:18.0691 5620 Processor architecture: Intel x86
2011/07/23 00:51:18.0691 5620 Number of processors: 2
2011/07/23 00:51:18.0691 5620 Page size: 0x1000
2011/07/23 00:51:18.0691 5620 Boot type: Normal boot
2011/07/23 00:51:18.0691 5620 ================================================================================
2011/07/23 00:51:20.0358 5620 Initialize success
2011/07/23 00:51:35.0996 5268 ================================================================================
2011/07/23 00:51:35.0996 5268 Scan started
2011/07/23 00:51:35.0996 5268 Mode: Manual;
2011/07/23 00:51:35.0996 5268 ================================================================================
2011/07/23 00:51:37.0297 5268 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/23 00:51:37.0344 5268 acedrv11 (a6fe70357a68ad1e279cd1012419cce6) C:\Windows\system32\drivers\acedrv11.sys
2011/07/23 00:51:37.0393 5268 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/23 00:51:37.0430 5268 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/23 00:51:37.0464 5268 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/23 00:51:37.0493 5268 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/23 00:51:37.0516 5268 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/23 00:51:37.0581 5268 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/07/23 00:51:37.0620 5268 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/23 00:51:37.0652 5268 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/23 00:51:37.0703 5268 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/23 00:51:37.0727 5268 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/23 00:51:37.0749 5268 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/23 00:51:37.0786 5268 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/23 00:51:37.0815 5268 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
2011/07/23 00:51:37.0834 5268 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/23 00:51:37.0879 5268 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/07/23 00:51:37.0908 5268 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/23 00:51:37.0940 5268 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/07/23 00:51:37.0990 5268 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/23 00:51:38.0031 5268 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/23 00:51:38.0052 5268 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/23 00:51:38.0095 5268 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/23 00:51:38.0116 5268 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/23 00:51:38.0165 5268 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/07/23 00:51:38.0238 5268 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/23 00:51:38.0262 5268 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/23 00:51:38.0303 5268 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/23 00:51:38.0327 5268 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/23 00:51:38.0352 5268 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/23 00:51:38.0372 5268 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/23 00:51:38.0395 5268 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/23 00:51:38.0406 5268 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/23 00:51:38.0415 5268 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/23 00:51:38.0435 5268 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/23 00:51:38.0448 5268 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/23 00:51:38.0460 5268 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/23 00:51:38.0469 5268 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/23 00:51:38.0479 5268 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/23 00:51:38.0492 5268 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/23 00:51:38.0526 5268 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/23 00:51:38.0554 5268 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/23 00:51:38.0585 5268 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/23 00:51:38.0623 5268 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/23 00:51:38.0651 5268 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/23 00:51:38.0667 5268 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/23 00:51:38.0688 5268 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/23 00:51:38.0716 5268 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/23 00:51:38.0768 5268 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
2011/07/23 00:51:38.0786 5268 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/23 00:51:38.0850 5268 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/07/23 00:51:38.0915 5268 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/23 00:51:38.0938 5268 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/23 00:51:38.0975 5268 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/23 00:51:39.0031 5268 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/23 00:51:39.0068 5268 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/23 00:51:39.0250 5268 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/23 00:51:39.0415 5268 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/07/23 00:51:39.0444 5268 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/23 00:51:39.0495 5268 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/23 00:51:39.0544 5268 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/23 00:51:39.0565 5268 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/23 00:51:39.0783 5268 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/23 00:51:39.0844 5268 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/23 00:51:39.0867 5268 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/23 00:51:39.0888 5268 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/23 00:51:39.0924 5268 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/23 00:51:39.0956 5268 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/23 00:51:39.0977 5268 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/23 00:51:40.0013 5268 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/23 00:51:40.0040 5268 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/23 00:51:40.0086 5268 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/07/23 00:51:40.0126 5268 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/23 00:51:40.0177 5268 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/07/23 00:51:40.0214 5268 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/23 00:51:40.0237 5268 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/23 00:51:40.0255 5268 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/23 00:51:40.0282 5268 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/23 00:51:40.0320 5268 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/07/23 00:51:40.0363 5268 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/23 00:51:40.0402 5268 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/23 00:51:40.0440 5268 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/23 00:51:40.0478 5268 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/07/23 00:51:40.0516 5268 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/07/23 00:51:40.0554 5268 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/23 00:51:40.0588 5268 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/23 00:51:40.0613 5268 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/23 00:51:40.0650 5268 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/23 00:51:40.0668 5268 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/23 00:51:40.0700 5268 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/23 00:51:40.0737 5268 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/23 00:51:40.0769 5268 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/23 00:51:40.0803 5268 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/23 00:51:40.0841 5268 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/23 00:51:40.0880 5268 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/23 00:51:40.0908 5268 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/23 00:51:40.0996 5268 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/07/23 00:51:41.0020 5268 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/23 00:51:41.0068 5268 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/23 00:51:41.0114 5268 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/23 00:51:41.0133 5268 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/23 00:51:41.0159 5268 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/23 00:51:41.0192 5268 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/23 00:51:41.0301 5268 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/23 00:51:41.0335 5268 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/23 00:51:41.0359 5268 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/23 00:51:41.0390 5268 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/23 00:51:41.0423 5268 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/23 00:51:41.0454 5268 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/07/23 00:51:41.0475 5268 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/23 00:51:41.0533 5268 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/23 00:51:41.0566 5268 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/23 00:51:41.0612 5268 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/23 00:51:41.0668 5268 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/23 00:51:41.0716 5268 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/23 00:51:41.0774 5268 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/23 00:51:41.0816 5268 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/23 00:51:41.0843 5268 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/07/23 00:51:41.0882 5268 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/07/23 00:51:41.0928 5268 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/23 00:51:41.0949 5268 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/23 00:51:41.0980 5268 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/23 00:51:42.0015 5268 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/23 00:51:42.0036 5268 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/23 00:51:42.0057 5268 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/23 00:51:42.0084 5268 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/23 00:51:42.0117 5268 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/07/23 00:51:42.0134 5268 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/23 00:51:42.0154 5268 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/23 00:51:42.0176 5268 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/23 00:51:42.0222 5268 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/23 00:51:42.0263 5268 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/23 00:51:42.0307 5268 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/23 00:51:42.0324 5268 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/23 00:51:42.0359 5268 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/23 00:51:42.0386 5268 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/23 00:51:42.0418 5268 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/23 00:51:42.0440 5268 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/23 00:51:42.0480 5268 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/23 00:51:42.0535 5268 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/23 00:51:42.0563 5268 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/23 00:51:42.0605 5268 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/23 00:51:42.0669 5268 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/07/23 00:51:42.0726 5268 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/07/23 00:51:42.0755 5268 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/23 00:51:42.0791 5268 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/07/23 00:51:43.0072 5268 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/23 00:51:43.0285 5268 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/07/23 00:51:43.0313 5268 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/07/23 00:51:43.0364 5268 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/23 00:51:43.0398 5268 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/23 00:51:43.0434 5268 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/23 00:51:43.0473 5268 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/23 00:51:43.0490 5268 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/23 00:51:43.0541 5268 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/23 00:51:43.0568 5268 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/23 00:51:43.0592 5268 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/23 00:51:43.0612 5268 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/23 00:51:43.0639 5268 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/23 00:51:43.0750 5268 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/23 00:51:43.0773 5268 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/23 00:51:43.0824 5268 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/23 00:51:43.0869 5268 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/23 00:51:43.0909 5268 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/23 00:51:43.0937 5268 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/23 00:51:43.0960 5268 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/23 00:51:43.0991 5268 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/23 00:51:44.0015 5268 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/23 00:51:44.0047 5268 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/23 00:51:44.0067 5268 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/23 00:51:44.0105 5268 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/23 00:51:44.0130 5268 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/23 00:51:44.0158 5268 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/23 00:51:44.0198 5268 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/07/23 00:51:44.0218 5268 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/23 00:51:44.0247 5268 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/23 00:51:44.0275 5268 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/23 00:51:44.0319 5268 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/23 00:51:44.0395 5268 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/23 00:51:44.0424 5268 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/07/23 00:51:44.0515 5268 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/23 00:51:44.0557 5268 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/23 00:51:44.0599 5268 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/23 00:51:44.0635 5268 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/23 00:51:44.0657 5268 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/23 00:51:44.0705 5268 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/23 00:51:44.0768 5268 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/23 00:51:44.0853 5268 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/23 00:51:44.0924 5268 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/23 00:51:44.0943 5268 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/23 00:51:44.0995 5268 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/23 00:51:45.0029 5268 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/23 00:51:45.0047 5268 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/23 00:51:45.0075 5268 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/23 00:51:45.0129 5268 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/23 00:51:45.0209 5268 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/07/23 00:51:45.0237 5268 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/23 00:51:45.0269 5268 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/23 00:51:45.0306 5268 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/07/23 00:51:45.0349 5268 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/07/23 00:51:45.0388 5268 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/07/23 00:51:45.0422 5268 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/07/23 00:51:45.0453 5268 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/07/23 00:51:45.0495 5268 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/07/23 00:51:45.0538 5268 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/23 00:51:45.0612 5268 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/23 00:51:45.0669 5268 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/07/23 00:51:45.0702 5268 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/07/23 00:51:45.0727 5268 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/23 00:51:45.0825 5268 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/07/23 00:51:45.0899 5268 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/23 00:51:45.0944 5268 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/23 00:51:45.0984 5268 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/23 00:51:46.0005 5268 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/23 00:51:46.0038 5268 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/23 00:51:46.0078 5268 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/23 00:51:46.0148 5268 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/23 00:51:46.0209 5268 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/23 00:51:46.0256 5268 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/23 00:51:46.0290 5268 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/23 00:51:46.0323 5268 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/23 00:51:46.0368 5268 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/23 00:51:46.0410 5268 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/07/23 00:51:46.0437 5268 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/23 00:51:46.0481 5268 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
2011/07/23 00:51:46.0512 5268 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/23 00:51:46.0574 5268 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/23 00:51:46.0616 5268 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/07/23 00:51:46.0642 5268 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/23 00:51:46.0668 5268 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/23 00:51:46.0694 5268 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/23 00:51:46.0724 5268 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/23 00:51:46.0779 5268 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
2011/07/23 00:51:46.0803 5268 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/23 00:51:46.0826 5268 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/23 00:51:46.0848 5268 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/23 00:51:46.0878 5268 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/23 00:51:46.0906 5268 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/23 00:51:46.0933 5268 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/23 00:51:46.0964 5268 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/23 00:51:46.0993 5268 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/07/23 00:51:47.0022 5268 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/23 00:51:47.0044 5268 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/23 00:51:47.0090 5268 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/23 00:51:47.0137 5268 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/23 00:51:47.0173 5268 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/23 00:51:47.0198 5268 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/23 00:51:47.0251 5268 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/23 00:51:47.0303 5268 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/23 00:51:47.0320 5268 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/23 00:51:47.0365 5268 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/23 00:51:47.0398 5268 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/23 00:51:47.0470 5268 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/23 00:51:47.0491 5268 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/23 00:51:47.0572 5268 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/23 00:51:47.0631 5268 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/23 00:51:47.0680 5268 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/23 00:51:47.0741 5268 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/23 00:51:47.0769 5268 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/23 00:51:47.0855 5268 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/23 00:51:47.0869 5268 Boot (0x1200) (fde86bc9f39a8fb06c16fb1460c639c3) \Device\Harddisk0\DR0\Partition0
2011/07/23 00:51:47.0880 5268 ================================================================================
2011/07/23 00:51:47.0880 5268 Scan finished
2011/07/23 00:51:47.0880 5268 ================================================================================
2011/07/23 00:51:47.0895 4504 Detected object count: 0
2011/07/23 00:51:47.0896 4504 Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hier ist die Log.txt:
[QUOTCombofix Logfile:

Code:

ComboFix 11-07-23.01 - ******** 23.07.2011  13:35:54.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2047.1539 [GMT 2:00]

ausgeführt von:: c:\users\********\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

C:\Install.exe

c:\users\********\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll

c:\users\********\AppData\Roaming\Adobe\plugs

c:\users\********\AppData\Roaming\Adobe\shed

c:\windows\IsUn0407.exe

c:\windows\system32\muzapp.exe

c:\windows\system32\Script.vbs

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-06-23 bis 2011-07-23  ))))))))))))))))))))))))))))))

.

.

2011-07-23 11:43 . 2011-07-23 11:43        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-07-22 22:01 . 2011-04-22 23:25        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2011-07-22 22:01 . 2011-04-25 15:29        141104        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll

2011-07-22 22:01 . 2011-04-22 23:35        1797632        ----a-w-        c:\windows\system32\jscript9.dll

2011-07-22 12:47 . 2011-07-22 12:47        --------        d-----w-        c:\programdata\Zylom

2011-07-22 12:47 . 2011-07-22 12:47        --------        d-----w-        c:\program files\Zylom Games

2011-07-22 12:47 . 2009-10-23 13:01        102400        ----a-w-        c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

2011-07-22 11:08 . 2011-07-22 11:09        --------        d-----w-        c:\program files\Ask.com

2011-07-22 11:08 . 2011-07-22 11:08        --------        d-----w-        c:\users\********\AppData\Roaming\FreeHideIP

2011-07-22 11:08 . 2011-07-22 11:08        --------        d-----w-        c:\programdata\FreeHideIP

2011-07-22 11:08 . 2011-07-22 11:08        --------        d-----w-        c:\program files\FreeHideIP

2011-07-22 06:36 . 2011-07-22 06:36        --------        d-----w-        c:\program files\DsNET Corp

2011-07-22 06:31 . 2011-07-22 06:31        --------        d-----w-        c:\users\********\AppData\Roaming\DVDVideoSoft

2011-07-22 04:46 . 2011-07-22 04:46        --------        d-----w-        c:\programdata\Electronic Arts

2011-07-22 04:46 . 2011-07-22 04:46        --------        d-----w-        c:\programdata\EA Core

2011-07-22 04:43 . 2011-07-22 04:46        --------        d-----w-        c:\programdata\Solidshield

2011-07-21 15:39 . 2011-07-21 15:39        --------        d-----w-        c:\program files\ESET

2011-07-20 13:52 . 2011-07-20 13:52        --------        d-----w-        C:\Temp

2011-07-20 13:39 . 2011-06-02 05:47        136808        ----a-w-        c:\windows\system32\drivers\ssadmdm.sys

2011-07-20 13:39 . 2011-06-02 05:47        12776        ----a-w-        c:\windows\system32\drivers\ssadmdfl.sys

2011-07-20 13:39 . 2011-06-02 05:47        10472        ----a-w-        c:\windows\system32\drivers\ssadcmnt.sys

2011-07-20 13:39 . 2011-06-02 05:47        10472        ----a-w-        c:\windows\system32\drivers\ssadcm.sys

2011-07-20 13:39 . 2011-06-02 05:47        10344        ----a-w-        c:\windows\system32\drivers\ssadwhnt.sys

2011-07-20 13:39 . 2011-06-02 05:47        10344        ----a-w-        c:\windows\system32\drivers\ssadwh.sys

2011-07-20 13:39 . 2011-06-02 05:47        121064        ----a-w-        c:\windows\system32\drivers\ssadbus.sys

2011-07-20 13:28 . 2011-07-20 13:38        --------        d-----w-        c:\users\********\AppData\Local\Samsung

2011-07-17 23:19 . 2011-07-17 23:19        --------        d-----w-        c:\program files\Veetle

2011-07-13 13:22 . 2011-06-11 02:29        2334208        ----a-w-        c:\windows\system32\win32k.sys

2011-07-10 16:51 . 2007-04-30 14:29        49152        ----a-w-        c:\program files\Mozilla Firefox\plugins\np32dsw.dll

2011-07-09 17:51 . 1999-10-09 15:30        305152        ----a-w-        c:\windows\IsUninst.exe

2011-07-09 14:15 . 2011-07-09 14:15        --------        d-----w-        c:\users\UpdatusUser

2011-07-09 14:12 . 2011-05-25 07:24        57960        ----a-w-        c:\windows\system32\OpenCL.dll

2011-07-09 14:12 . 2011-05-25 07:24        16456296        ----a-w-        c:\windows\system32\nvoglv32.dll

2011-07-09 14:12 . 2011-05-25 07:24        899688        ----a-w-        c:\windows\system32\nvdispco3220150.dll

2011-07-09 14:12 . 2011-05-25 07:24        865896        ----a-w-        c:\windows\system32\nvgenco322090.dll

2011-07-09 14:12 . 2011-05-25 07:24        11992680        ----a-w-        c:\windows\system32\nvd3dum.dll

2011-07-09 14:12 . 2011-05-25 07:24        10589800        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2011-07-09 14:12 . 2011-05-25 07:24        2804328        ----a-w-        c:\windows\system32\nvcuvid.dll

2011-07-09 14:12 . 2011-05-25 07:24        5301352        ----a-w-        c:\windows\system32\nvcuda.dll

2011-07-09 14:12 . 2011-05-25 07:24        2082408        ----a-w-        c:\windows\system32\nvcuvenc.dll

2011-07-09 14:12 . 2011-05-25 07:24        13011560        ----a-w-        c:\windows\system32\nvcompiler.dll

2011-07-09 01:40 . 2011-07-09 01:43        --------        d-----w-        c:\program files\AutoShutdownManager

2011-07-06 17:47 . 2011-07-06 17:47        --------        d-sh--w-        c:\windows\ftpcache

2011-07-05 21:30 . 2011-07-21 01:30        --------        d-----w-        c:\program files\JDownloader

2011-06-29 17:58 . 2011-06-29 17:58        --------        d-----w-        c:\users\********\AppData\Roaming\ts3overlay

2011-06-29 11:38 . 2011-05-24 10:44        293376        ----a-w-        c:\windows\system32\umpnpmgr.dll

2011-06-29 11:38 . 2011-05-04 04:34        1549312        ----a-w-        c:\windows\system32\tquery.dll

2011-06-29 11:38 . 2011-05-04 04:32        337408        ----a-w-        c:\windows\system32\mssph.dll

2011-06-29 11:38 . 2011-05-04 04:32        1401344        ----a-w-        c:\windows\system32\mssrch.dll

2011-06-29 11:38 . 2011-05-04 04:28        427520        ----a-w-        c:\windows\system32\SearchIndexer.exe

2011-06-29 11:38 . 2011-05-04 04:28        164352        ----a-w-        c:\windows\system32\SearchProtocolHost.exe

2011-06-29 11:38 . 2011-05-04 04:32        666624        ----a-w-        c:\windows\system32\mssvp.dll

2011-06-29 11:38 . 2011-05-04 04:32        197120        ----a-w-        c:\windows\system32\mssphtb.dll

2011-06-29 11:38 . 2011-05-04 04:32        59392        ----a-w-        c:\windows\system32\msscntrs.dll

2011-06-29 11:38 . 2011-05-04 04:28        86528        ----a-w-        c:\windows\system32\SearchFilterHost.exe

2011-06-28 16:05 . 2011-06-28 16:06        271360        ----a-w-        c:\windows\system32\drivers\atksgt.sys

2011-06-28 16:05 . 2011-06-28 16:05        18048        ----a-w-        c:\windows\system32\drivers\lirsgt.sys

2011-06-27 13:08 . 2011-06-27 13:08        53248        ----a-w-        c:\windows\system32\unrar.dll

2011-06-25 22:07 . 2000-08-19 17:29        268048        ----a-w-        c:\windows\system32\dxtmeta2.dll

2011-06-25 21:06 . 2011-06-25 21:06        --------        d-----w-        c:\program files\Elaborate Bytes

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-22 15:51 . 2011-02-24 16:21        245632        ----a-w-        c:\windows\system32\drivers\volsnap.sys

2011-07-11 19:25 . 2011-01-22 00:35        22328        ----a-w-        c:\users\********\AppData\Roaming\PnkBstrK.sys

2011-07-06 17:52 . 2011-04-14 02:33        41272        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-02 12:15 . 2010-12-30 18:42        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-07-02 12:15 . 2010-12-30 18:42        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-06-17 18:07 . 2011-05-13 20:02        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-16 11:19 . 2011-01-01 23:19        444952        ----a-w-        c:\windows\system32\wrap_oal.dll

2011-06-16 11:19 . 2011-01-01 23:19        109080        ----a-w-        c:\windows\system32\OpenAL32.dll

2011-06-08 20:29 . 2011-06-08 19:30        814041040        ----a-w-        c:\program files\War_Rock_20110307_G1.exe

2011-05-25 07:24 . 2011-01-07 20:06        615528        ----a-w-        c:\windows\system32\nvvsvc.exe

2011-05-25 07:24 . 2011-01-07 20:06        2557544        ----a-w-        c:\windows\system32\nvsvc.dll

2011-05-25 07:24 . 2011-01-07 20:06        2560616        ----a-w-        c:\windows\system32\nvsvcr.dll

2011-05-25 07:24 . 2011-01-07 20:06        66664        ----a-w-        c:\windows\system32\nvshext.dll

2011-05-25 07:24 . 2011-01-07 20:06        111208        ----a-w-        c:\windows\system32\nvmctray.dll

2011-05-25 07:24 . 2011-01-07 20:06        3693672        ----a-w-        c:\windows\system32\nvcpl.dll

2011-05-25 07:24 . 2011-01-07 20:06        543336        ----a-w-        c:\windows\system32\easyUpdatusAPIU.dll

2011-05-25 07:24 . 2009-07-13 22:09        6555240        ----a-w-        c:\windows\system32\nvwgf2um.dll

2011-05-25 07:24 . 2011-07-09 14:12        12392        ----a-w-        c:\windows\system32\drivers\nvBridge.kmd

2011-05-25 07:24 . 2011-03-15 13:19        2335848        ----a-w-        c:\windows\system32\nvapi.dll

2011-05-20 20:35 . 2011-05-20 20:35        304744        ----a-w-        c:\windows\system32\nvStreaming.exe

2011-05-06 00:23 . 2011-01-22 01:52        189480        ----a-w-        c:\windows\system32\PnkBstrB.xtr

2011-05-03 04:30 . 2011-06-17 10:16        741376        ----a-w-        c:\windows\system32\inetcomm.dll

2011-04-30 05:01 . 2011-04-30 05:01        86528        ----a-w-        c:\windows\system32\iesysprep.dll

2011-04-30 05:01 . 2011-04-30 05:01        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2011-04-30 05:01 . 2011-04-30 05:01        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2011-04-30 05:01 . 2011-04-30 05:01        63488        ----a-w-        c:\windows\system32\tdc.ocx

2011-04-30 05:01 . 2011-04-30 05:01        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2011-04-30 05:01 . 2011-04-30 05:01        367104        ----a-w-        c:\windows\system32\html.iec

2011-04-30 05:01 . 2011-04-30 05:01        161792        ----a-w-        c:\windows\system32\msls31.dll

2011-04-30 05:01 . 2011-04-30 05:01        1126912        ----a-w-        c:\windows\system32\wininet.dll

2011-04-30 05:01 . 2011-04-30 05:01        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll

2011-04-30 05:01 . 2011-04-30 05:01        74752        ----a-w-        c:\windows\system32\iesetup.dll

2011-04-30 05:01 . 2011-04-30 05:01        420864        ----a-w-        c:\windows\system32\vbscript.dll

2011-04-30 05:01 . 2011-04-30 05:01        35840        ----a-w-        c:\windows\system32\imgutil.dll

2011-04-30 05:01 . 2011-04-30 05:01        23552        ----a-w-        c:\windows\system32\licmgr10.dll

2011-04-30 05:01 . 2011-04-30 05:01        152064        ----a-w-        c:\windows\system32\wextract.exe

2011-04-30 05:01 . 2011-04-30 05:01        150528        ----a-w-        c:\windows\system32\iexpress.exe

2011-04-30 05:01 . 2011-04-30 05:01        142848        ----a-w-        c:\windows\system32\ieUnatt.exe

2011-04-30 05:01 . 2011-04-30 05:01        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl

2011-04-30 05:01 . 2011-04-30 05:01        11776        ----a-w-        c:\windows\system32\mshta.exe

2011-04-30 05:01 . 2011-04-30 05:01        101888        ----a-w-        c:\windows\system32\admparse.dll

2011-04-29 13:44 . 2011-04-29 13:44        112        ----a-w-        c:\users\********\AppData\Roaming\srvblck2.tmp

2011-04-29 02:46 . 2011-06-17 10:16        311808        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-04-29 02:46 . 2011-06-17 10:16        310272        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-04-29 02:46 . 2011-06-17 10:16        114688        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2011-04-27 02:17 . 2011-06-17 10:16        223744        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:17 . 2011-06-17 10:16        96768        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-04-27 02:17 . 2011-06-17 10:16        123904        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 04:31 . 2011-06-17 10:16        1290624        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-04-25 02:18 . 2011-06-17 10:16        338944        ----a-w-        c:\windows\system32\drivers\afd.sys

2011-06-16 04:32 . 2011-06-21 15:09        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-28 20:44        1400712        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-6-30 2588784]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"<NO NAME>"= 0

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2011-03-05 22:23        119608        ----a-w-        c:\program files\ICQ7.4\ICQ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-11-20 03:17        1174016        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-03-02 21:38        1242448        ----a-w-        c:\program files\Steam\steam.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"FreeCT"=c:\program files\FreeCountdownTimer\FreeCountdownTimer.exe -autorun

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-12-10 3648584]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

{D8F737AD-AF9D-40ED-B1683075A1C327EA}

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.facemoods.com/?a=ddrnw

uInternet Settings,ProxyServer = http=;ftp=;https=;

IE: Free YouTube to MP3 Converter - c:\users\********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe

Trusted Zone: infospyware.net\www

FF - ProfilePath - c:\users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\

FF - prefs.js: browser.search.selectedEngine - Facemoods Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)

SafeBoot-97676463.sys

MSConfigStartUp-Cattree - c:\users\********\AppData\Roaming\Linktree\linklib.exe

MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-437390453-843434285-2204248341-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:fa,f8,29,4f,38,01,c2,a5,e3,21,8e,49,fd,6e,cd,a3,00,ea,84,90,ea,8d,f2,

   bd,dc,a4,7d,24,03,04,e7,7e,c8,af,92,e3,ae,a6,df,6c,3a,1a,43,99,db,a1,1a,88,\

"??"=hex:fd,98,6f,a3,ce,27,fe,84,c2,c9,dc,dc,20,bb,24,ec

.

[HKEY_USERS\S-1-5-21-437390453-843434285-2204248341-1001\Software\SecuROM\License information*]

"datasecu"=hex:17,bd,98,59,d2,31,b6,4e,92,fa,27,6a,c4,f8,50,f8,9f,45,d8,0a,37,

   96,f3,1e,f8,59,96,13,85,41,e7,b5,1e,4b,fb,3f,78,7c,b3,bd,15,3d,2f,57,ae,a2,\

"rkeysecu"=hex:a0,30,19,81,11,75,c1,62,1d,81,4a,05,c3,2b,bd,97

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-07-23  13:49:53 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-07-23 11:49

.

Vor Suchlauf: 13 Verzeichnis(se), 406.545.145.856 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 405.983.584.256 Bytes frei

.

- - End Of File - - 405C5EA67D1B68005CDAB0AD8D05B703

--- --- ---
E][/QUOTE]

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Ok, habe ich gemacht:

GMER:GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2011-07-25 13:40:24

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000066 WDC_WD50 rev.01.0

Running: gxr4ks0u.exe; Driver: C:\Users\******\AppData\Local\Temp\kxldrpog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8E4C8B7E                                                                                                 ZwCreateSection

SSDT            8E4C8B83                                                                                                 ZwSetContextThread

SSDT            8E4C8B1F                                                                                                 ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                            82A4A339 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82A83D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                      82A8AEEC 4 Bytes  [7E, 8B, 4C, 8E]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                      82A8B28C 4 Bytes  [83, 8B, 4C, 8E]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                                      82A8B364 4 Bytes  [1F, 8B, 4C, 8E]

.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                 section is executable [0x99967300, 0x25D4C, 0xE0000060]

.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                   section is writeable [0x999DA300, 0x1B7E, 0xE8000020]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!LdrLoadDll                                   778F22B8 5 Bytes  JMP 01361410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!SetWindowLongA                     76148BA3 5 Bytes  JMP 5F73EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!SetWindowLongW                     76154449 5 Bytes  JMP 5F73ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!GetWindowInfo                      76154B5E 5 Bytes  JMP 5F555451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!TrackPopupMenu                     76162228 5 Bytes  JMP 5F555A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3376] ntdll.dll!DbgBreakPoint         778C40F0 3 Bytes  [8B, 40, 30] {MOV EAX, [EAX+0x30]}
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\system32\rundll32.exe[1856] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\rundll32.exe[1856] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\rundll32.exe[1856] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\rundll32.exe[1856] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\rundll32.exe[1868] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\rundll32.exe[1868] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\rundll32.exe[1868] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\rundll32.exe[1868] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

Device          \Driver\ACPI_HAL \Device\00000052                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Hier OSAM:
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 13:44:26 on 25.07.2011
 

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit

Default Browser: Mozilla Corporation Firefox 5.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys

"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\******\AppData\Local\Temp\catchme.sys  (File not found)

"cpuz135" (cpuz135) - "CPUID" - C:\Windows\system32\drivers\cpuz135_x32.sys

"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)

"EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys  (File not found)

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys

"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys

"kxldrpog" (kxldrpog) - ? - C:\Users\******\AppData\Local\Temp\kxldrpog.sys  (Hidden registry entry, rootkit activity | File not found)

"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)

"MBAMProtector" (MBAMProtector) - ? - C:\Windows\system32\drivers\mbam.sys  (File not found)

"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys

"SANDRA" (SANDRA) - ? - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\WNt500x86\Sandra.sys  (File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"XDva386" (XDva386) - ? - C:\Windows\system32\XDva386.sys  (File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Protocols\Handler )-----

{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll

{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll

{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "******ander Roshal" - C:\Program Files\WinRAR\rarext.dll

{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Macromed\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll

{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll

{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll

{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"GamersFirst LIVE!.lnk" - "GamersFirst" - C:\Program Files\GamersFirst\LIVE!\Live.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s

"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"amd_dc_opt" - "AMD" - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_e477fed.dll  (File found, but it contains no detailed information)

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des

"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe

"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]
Zu guterletzt aswMBR:

Zitat:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-25 13:46:38
-----------------------------
13:46:38.696 OS Version: Windows 6.1.7601 Service Pack 1
13:46:38.697 Number of processors: 2 586 0x6B01
13:46:38.698 ComputerName: ******-PC UserName: ******
13:46:40.130 Initialize success
13:50:04.348 AVAST engine defs: 11072500
13:50:35.122 The log file has been saved successfully to "C:\Users\******\Desktop\aswMBR.txt"

Das Log von aswmbr ist unvollständig! Führe das Tool bitte genau wie in der Anleitung beschrieben aus!

Ok ich hab es so gemacht wie du es gesagt hast.
Dann hat sich laut Windows unerwartet runtergefahren.
Eine Log-Datei fand ich jetzt aber nicht.

Zitat:

Dann hat sich laut Windows unerwartet runtergefahren.

Hätteste du auch mal sagen können...
Führ aswmbr bitte nochmal aus

Hier ist sie:

Zitat:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-25 17:44:31
-----------------------------
17:44:31.666 OS Version: Windows 6.1.7601 Service Pack 1
17:44:31.666 Number of processors: 2 586 0x6B01
17:44:31.666 ComputerName: ******-PC UserName: ******
17:44:49.154 Initialize success
17:44:54.629 AVAST engine defs: 11072500
17:45:31.725 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
17:45:31.725 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
17:45:31.787 Disk 0 MBR read successfully
17:45:31.787 Disk 0 MBR scan
17:45:31.818 Disk 0 Windows 7 default MBR code
17:45:31.834 Disk 0 scanning sectors +976752000
17:45:32.021 Disk 0 scanning C:\Windows\system32\drivers
17:45:40.445 Service scanning
17:45:42.052 Modules scanning
17:45:48.526 Disk 0 trace - called modules:
17:45:48.542 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
17:45:48.557 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8587d370]
17:45:48.557 3 CLASSPNP.SYS[88a0459e] -> nt!IofCallDriver -> [0x848bbc48]
17:45:48.557 5 ACPI.sys[887a73d4] -> nt!IofCallDriver -> \Device\00000066[0x85169980]
17:45:50.164 AVAST engine scan C:\Windows
17:45:53.565 AVAST engine scan C:\Windows\system32
17:47:26.494 AVAST engine scan C:\Windows\system32\drivers
17:47:34.466 AVAST engine scan C:\Users\******
17:51:32.163 AVAST engine scan C:\ProgramData
17:52:09.135 Scan finished successfully
17:52:44.422 Disk 0 MBR has been saved successfully to "C:\Users\******\Desktop\MBR.dat"
17:52:44.422 The log file has been saved successfully to "C:\Users\******\Desktop\aswMBR.txt"

Zitat:

"XDva386" (XDva386) - ? - C:\Windows\system32\XDva386.sys (File not found)

Bitte mit OSAM deaktivieren und löschen

Ok. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Ist es möglich es auf nächste Woche zu verschieben.
Ich fliege im Urlaub und bin logischerweise nicht zuhause.

Ja, mach es wenn du wieder da bist. Dann mal einen erholsamen Urlaub :D :party: