Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/) > Log-Analyse und Auswertung > Infektion mit diverser Malware (https://www.trojaner-board.de/99658-infektion-diverser-malware.html)

Vivo 28.05.2011 04:28

Infection with various malware
 
Good morning,

A few days ago Avira reported a virus infection to me (log files see below). The system also became noticeably slower; in particular, Firefox responded to input only with a long delay, and the same when loading pages.

I had reinstalled Firefox and uninstalled various software that was no longer needed.

A run of Malwarebytes then revealed further infections. After the affected files were moved to quarantine, the following message is displayed at system startup:
Code:

Fehler beim Laden von C:\users\***\tloadF4.dll
Das angegebene Modul wurde nicht gefunden.

The system runs, though; apparently it is faster again now after the last Malwarebytes run.

Now I would like to know how I should proceed from here.

OTL:
Code:

OTL logfile created on: 28.05.2011 04:50:48 - Run 2
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,04% Memory free
4,24 Gb Paging File | 3,37 Gb Available in Paging File | 79,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 34,88 Gb Free Space | 46,81% Space Free | Partition Type: NTFS
Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.03 15:31:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.10 18:15:46 | 001,265,664 | ---- | M] (www.bid-o-matic.org) -- C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.07.09 18:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.25 04:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.03.17 08:17:31 | 005,320,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.12 06:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Unknown | Stopped] --  -- (WPFFontCache_v0400)
SRV - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 16:47:13 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 21:23:06 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.06.03 23:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008.05.01 03:09:59 | 007,448,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.03.21 21:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.11.16 06:09:03 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.03 21:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.15 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.27 20:42:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.27 21:14:42 | 000,000,000 | ---D | M]
 
[2011.05.27 20:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.05.27 21:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.05.15 20:13:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.19 19:47:11 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.05 23:13:00 | 000,307,170 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 10575 more lines...
O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NvCplDaemonTool]  File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk = C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.28 04:23:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbam logdateien
[2011.05.28 04:19:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\avira ereignisse
[2011.05.28 04:14:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD
[2011.05.27 22:44:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.05.27 20:22:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DriverCure
[2011.05.27 20:22:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ParetoLogic
[2011.05.27 20:22:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011.05.27 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011.05.27 19:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2011.05.27 19:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.05.27 19:51:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.05.27 19:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011.05.27 19:49:44 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2011.05.27 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware
[2011.05.26 15:57:37 | 005,249,448 | ---- | C] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe
[2011.05.16 17:05:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\rechtssoziologie
[2011.05.04 22:56:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SnapDragon Games
[2011.05.04 22:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\SnapDragon Games
[2011.04.29 17:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011.04.29 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.04.29 14:58:30 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011.04.29 14:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.04.29 14:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2008.06.03 23:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.28 04:23:49 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.28 04:16:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.28 04:16:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.28 04:15:10 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.28 04:13:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.28 00:31:16 | 000,000,272 | ---- | M] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf
[2011.05.27 22:45:55 | 000,302,080 | ---- | M] () -- C:\Users\***\Desktop\ksdu5jyf.exe
[2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.05.27 22:18:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.05.27 22:13:44 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2011.05.27 22:05:07 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.27 22:05:07 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.27 22:05:07 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.27 22:05:07 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.27 20:42:21 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.05.27 20:22:20 | 000,000,909 | ---- | M] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk
[2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.05.27 19:52:19 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.05.27 19:31:57 | 000,323,216 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json
[2011.05.26 20:39:33 | 000,047,584 | ---- | M] () -- C:\Users\***\Desktop\werbung.jpg
[2011.05.26 15:58:24 | 005,249,448 | ---- | M] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe
[2011.05.15 17:27:03 | 000,057,800 | ---- | M] () -- C:\Users\***\Desktop\alle affen gaffen.jpg
[2011.05.14 14:46:09 | 000,388,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.14 03:20:35 | 000,105,656 | ---- | M] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg
[2011.05.13 00:49:56 | 003,575,463 | ---- | M] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3
[2011.05.12 14:16:00 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe
[2011.05.11 19:14:42 | 004,267,781 | ---- | M] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3
[2011.05.10 13:31:25 | 000,008,120 | ---- | M] () -- C:\Users\***\Desktop\denglisch.rtf
[2011.05.09 20:40:14 | 000,000,548 | ---- | M] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk
[2011.05.09 15:41:36 | 001,887,144 | ---- | M] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf
[2011.05.05 15:57:52 | 000,107,077 | ---- | M] () -- C:\Users\***\Desktop\claudia roth preis.pdf
[2011.05.02 22:11:27 | 005,068,826 | ---- | M] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3
[2011.05.02 21:54:13 | 000,050,061 | ---- | M] () -- C:\Users\***\Desktop\zimmer.jpg
[2011.04.29 17:43:13 | 000,148,340 | ---- | M] () -- C:\Windows\hphins33.dat
[2011.04.29 15:29:03 | 001,316,262 | ---- | M] () -- C:\Users\***\Desktop\dj169en.exe
[2011.04.29 15:16:27 | 000,175,504 | ---- | M] () -- C:\Windows\hphins26.dat
[2011.04.29 15:01:47 | 000,175,517 | ---- | M] () -- C:\Windows\hphins26.dat.temp
 
========== Files Created - No Company Name ==========
 
[2011.05.28 00:31:16 | 000,000,272 | ---- | C] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf
[2011.05.27 22:45:24 | 000,302,080 | ---- | C] () -- C:\Users\***\Desktop\ksdu5jyf.exe
[2011.05.27 22:13:44 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2011.05.27 21:25:49 | 000,006,739 | ---- | C] () -- C:\Users\***\Documents\wavepurity.ini.bak
[2011.05.27 20:42:21 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.27 20:42:21 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.27 20:23:18 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.05.27 20:22:20 | 000,000,909 | ---- | C] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk
[2011.05.27 20:22:20 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011.05.27 20:22:20 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011.05.27 20:22:20 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011.05.27 19:52:36 | 000,000,220 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.05.27 19:52:19 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.05.27 19:31:56 | 000,323,216 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json
[2011.05.26 20:39:32 | 000,047,584 | ---- | C] () -- C:\Users\***\Desktop\werbung.jpg
[2011.05.15 17:25:38 | 000,057,800 | ---- | C] () -- C:\Users\***\Desktop\alle affen gaffen.jpg
[2011.05.14 03:20:35 | 000,105,656 | ---- | C] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg
[2011.05.13 00:49:54 | 003,575,463 | ---- | C] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3
[2011.05.11 19:14:37 | 004,267,781 | ---- | C] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3
[2011.05.09 20:40:14 | 000,000,548 | ---- | C] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk
[2011.05.09 15:41:29 | 001,887,144 | ---- | C] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf
[2011.05.05 15:57:50 | 000,107,077 | ---- | C] () -- C:\Users\***\Desktop\claudia roth preis.pdf
[2011.05.02 22:10:44 | 005,068,826 | ---- | C] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3
[2011.05.02 21:54:13 | 000,050,061 | ---- | C] () -- C:\Users\***\Desktop\zimmer.jpg
[2011.04.29 17:38:11 | 000,148,340 | ---- | C] () -- C:\Windows\hphins33.dat
[2011.04.29 17:38:11 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2011.04.29 15:28:55 | 001,316,262 | ---- | C] () -- C:\Users\***\Desktop\dj169en.exe
[2011.04.29 15:13:52 | 000,175,517 | ---- | C] () -- C:\Windows\hphins26.dat.temp
[2011.04.29 15:13:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat.temp
[2011.04.29 14:57:48 | 000,175,504 | ---- | C] () -- C:\Windows\hphins26.dat
[2011.04.29 14:57:48 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2010.08.03 20:43:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.03 20:42:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.05.20 12:36:28 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\qvjsge.dat
[2010.04.07 22:46:32 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2010.04.07 22:42:44 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.04.30 14:34:46 | 000,000,167 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.02.10 20:55:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.12.06 19:36:56 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2008.10.18 18:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.18 15:08:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.09.24 04:46:36 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.24 04:46:34 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.24 04:40:32 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008.09.24 04:40:21 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.04.16 11:30:52 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 11:30:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 11:30:52 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 11:30:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 11:01:43 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,388,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2009.09.22 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.config
[2011.05.27 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.05.28 04:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.05.27 21:20:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON
[2011.05.27 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure
[2011.03.11 00:27:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.24 18:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.03.30 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.05.27 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze
[2010.05.02 17:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.05.01 15:29:31 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2008.10.18 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.05.27 20:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ParetoLogic
[2009.09.07 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qualcomm
[2011.01.08 04:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER
[2011.05.27 19:52:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2009.02.05 18:04:07 | 000,021,986 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.10.18 15:15:02 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.09.24 04:49:22 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2010.08.03 21:17:07 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.05.28 03:09:18 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.03.11 16:57:36 | 000,000,000 | ---D | M] -- C:\ct
[2009.04.13 00:45:19 | 000,000,000 | ---D | M] -- C:\cwplayer
[2008.10.18 15:01:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.05 00:40:23 | 000,000,000 | ---D | M] -- C:\dos
[2008.10.30 16:21:34 | 000,000,000 | ---D | M] -- C:\logs
[2011.05.09 20:40:20 | 000,000,000 | ---D | M] -- C:\minimoog
[2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2009.06.15 17:51:29 | 000,000,000 | ---D | M] -- C:\postda
[2011.05.27 22:17:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.05.27 21:40:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.12.06 19:12:12 | 000,000,000 | ---D | M] -- C:\qb
[2010.04.07 22:46:14 | 000,000,000 | ---D | M] -- C:\SIERRA
[2011.05.28 04:52:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.10.18 15:08:26 | 000,000,000 | R--D | M] -- C:\Users
[2011.01.25 22:10:35 | 000,000,000 | ---D | M] -- C:\vst
[2011.05.27 22:13:44 | 000,000,000 | ---D | M] -- C:\Windows
[2009.09.22 18:03:02 | 000,000,000 | ---D | M] -- C:\xtender
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-28 01:09:47
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:C10F9B26

< End of report >

Extras:
Code:

OTL Extras logfile created on: 28.05.2011 00:31:21 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,37% Memory free
4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 34,36 Gb Free Space | 46,11% Space Free | Partition Type: NTFS
Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C44C9B8-6FA2-4E57-96A1-F1A613941342}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3912536B-2707-456D-B4A9-2E0BFBD13EB7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{43D4CF31-CC80-4003-B456-01462B3E2027}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65400965-145C-4B37-B8BA-CB160F537165}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFA048CA-6731-4CE0-80BC-D81F5DEA2B0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EED069AF-F199-4E20-9267-EAEDDF1439CD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F51C7C49-D339-4A1B-8135-E733D223F48D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD47045D-17EB-473A-B22C-298DFEEBB612}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B82674-B505-418A-B1C7-5A943354E1E5}" = protocol=6 | dir=in | app=c:\program files\ftp explorer\ftpx.exe |
"{7ED725E5-9CB9-43CF-A0DC-29A6160CA23B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{95024D4A-F3B6-40DA-A908-5A53B05EDFB3}" = protocol=17 | dir=in | app=c:\program files\ftp explorer\ftpx.exe |
"{B280AB1F-4344-43A8-8E2E-44F59A1F5B57}" = dir=in | app=c:\program files\asustek\asusdvd\powerdvd.exe |
"{EB73C2B2-0F81-4953-AF29-0DF69B4B66BB}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{F7B4AB7F-75DB-454A-B183-A901836CC404}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"TCP Query User{149C703E-0CD0-42C2-A9CD-EBC7B9B6B1BB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{37E0E16A-5102-4D19-94F2-F35F52D8F047}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B723F0A3-2454-4230-B1B4-F3D8BADF0C00}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D642D53B-3EA7-4D11-A8E2-59C21CCFB754}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F7DB53C0-EC2F-4B0E-AADE-196AF5290D80}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1FFBB0E6-A643-4B21-94D0-AE23BF915D21}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{99A4B196-54E2-4581-B7A6-863E97366FFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CE1D5C9B-B9B0-4BCE-A409-77C7F304637E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{D353F28E-A797-43FD-9FFB-71A9B614F9BA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED3BB049-97F1-44BC-B548-C355A98E645B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F4EF69-CFE4-49D7-9459-3873D0FB2BDA}" = SmartFTP Client German (Germany) MUI
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0BC990FA-89D8-4F70-AFA9-0C01557FB7B3}" = SmartFTP Client
"{167F938F-5AD3-40e2-B05D-2B7C6F0FDE48}" = HP Deskjet D1500 Printer Driver 10.0 Rel .3
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo WinOptimizer 4 FREE_is1" = Ashampoo WinOptimizer 4 FREE
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"Biet-O-Matic v2.8.3" = Biet-O-Matic v2.8.3
"Caesar 3" = Caesar 3
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Native Instruments Pro-53 Demo" = Native Instruments Pro-53 Demo
"NVIDIA Drivers" = NVIDIA Drivers
"Security Task Manager" = Security Task Manager 1.7h
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tone Stack Calculator" = Tone Stack Calculator
"Uniblue RegistryBooster" = Uniblue RegistryBooster
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2011 06:32:54 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 22.05.2011 19:04:26 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3909 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 39c  Anfangszeit: 01cc187c6c279488  Zeitpunkt der Beendigung:
 60
 
[ System Events ]
Error - 27.05.2011 15:42:40 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.05.2011 15:45:37 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.05.2011 15:45:39 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.05.2011 15:46:04 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.05.2011 15:46:05 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.05.2011 15:51:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.05.2011 16:12:33 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.05.2011 16:22:22 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

gmer:
Code:

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-28 04:10:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: ksdu5jyf.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys


---- Kernel code sections - GMER 1.0.15 ----

?              System32\drivers\fvxllon.sys                                            Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                section is writeable [0x8BC04340, 0x3DC4A7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Mozilla Firefox\firefox.exe[2644] ntdll.dll!LdrLoadDll  77AE93A8 5 Bytes  JMP 011F1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                      0 bytes
File            C:\ADSM_PData_0150\DB                                                    0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                              624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                              16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                              16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                              512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                          253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                  512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86              0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys    29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt        512 bytes

---- EOF - GMER 1.0.15 ----

Latest mbam log:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6694

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.05.2011 00:22:42
mbam-log-2011-05-28 (00-22-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 265425
Laufzeit: 1 Stunde(n), 34 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskd60.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\***\tloadF4.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\E45NVVOV\about[1].exe (Heuristics.Shuriken) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.

Older mbam logs and Avira events are attached.
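The OTL listings above all follow one line format, `[date | size | attrs | C/M] (Company) -- path`, and most of the triage in this thread consists of picking out the handful of entries that look out of place among hundreds. The following is an added example from the editor, not part of the original post and not code from OTL, Malwarebytes or Trojaner-Board. It parses that line format and applies a few plain heuristics that mirror what the helper later acted on: hidden+system folders under AppData\Roaming, a DLL sitting in the root of the user profile or in the Startup folder, and a System32 executable without a company name. The sample lines are copied from the OTL log in this thread, except the two marked as constructed (tloadF4.dll and scancdiskd60.dll appear in the MBAM log, not in OTL format, so their timestamps and sizes are made up); the heuristics are the editor's and are flags to look at, not detections.

```python
"""Triage helper for OTL-style file listings (added example, not OTL's own code).

OTL prints one file or folder per line:

    [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company) [MD5=...] -- path

attrs is four flags: R (read-only), H (hidden), S (system), D (directory).
Folders are printed without the "(Company)" field; files always carry it,
possibly empty "()".  C/M says whether the date is the created or modified time.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?"          # absent for folders, "()" if unknown
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?"     # only in the "MD5 for:" sections
    r"-- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    company: Optional[str]   # None: no field at all (folder); "": field present but empty
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL listing line; return None for headers, blanks or other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        company=m.group("company"),
        path=m.group("path"),
    )


def triage(entry: OtlEntry) -> list[str]:
    """Return the heuristic hits for one entry (empty list if nothing stands out)."""
    hits: list[str] = []
    p = entry.path.lower()
    # Legitimate software rarely marks its own roaming folder hidden+system.
    if entry.is_dir and entry.hidden and entry.system and "\\appdata\\roaming\\" in p:
        hits.append("hidden+system folder under AppData\\Roaming")
    # Installers do not drop loose binaries into C:\Users\<name>\ itself.
    if re.fullmatch(r"c:\\users\\[^\\]+\\[^\\]+\.(dll|exe)", p):
        hits.append("binary in user profile root")
    # Anything in a Startup folder runs at logon and deserves a look.
    if "\\start menu\\programs\\startup\\" in p and not entry.is_dir:
        hits.append("Startup-folder persistence")
    # Windows' own System32 executables carry "Microsoft Corporation"; an empty
    # company field is not proof of anything, only a reason to check the hash.
    if p.startswith("c:\\windows\\system32\\") and p.endswith(".exe") and entry.company == "":
        hits.append("System32 executable without company name")
    return hits


def triage_log(text: str) -> dict[str, list[str]]:
    """Map every flagged path in an OTL log to its hits; non-entry lines are skipped."""
    flagged: dict[str, list[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None and (hits := triage(entry)):
            flagged[entry.path] = hits
    return flagged


# Sample input: lines copied from the OTL log in this thread, plus two lines
# CONSTRUCTED in OTL format for files the MBAM log reported (dates/sizes made up).
SAMPLE_LOG = r"""
[2010.05.20 12:36:28 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\qvjsge.dat
[2008.10.18 15:08:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.05.01 15:29:31 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2009.09.22 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.config
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.05.20 10:00:00 | 000,012,288 | ---- | C] () -- C:\Users\***\tloadF4.dll
[2011.05.20 10:00:00 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskd60.dll
========== LOP Check ==========
"""

if __name__ == "__main__":
    for path, hits in triage_log(SAMPLE_LOG).items():
        print(f"{path}\n    -> {', '.join(hits)}")
```

Run against the sample, the script flags acovcnt.exe, the lowsec folder, tloadF4.dll and scancdiskd60.dll and leaves .config and the WinSxS copy of explorer.exe alone. It also shows the limit of attribute-based rules: qvjsge.dat, a 16-byte file with no company name that the helper removed, raises no hit, so the output is a shortlist for a human to confirm, not a verdict.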

cosinus 29.05.2011 11:00

Quote:

C:\Windows\Tasks\RegistryBooster.job
Such tools can only be advised against: deleting supposedly unnecessary registry entries brings no speed gain, and in return you run the risk of deleting important entries, which can damage the whole system. So you should uninstall it right away.



After that, do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)

Note: if you masked your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.05.27 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze
[2010.05.01 15:29:31 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2011.05.27 22:18:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.05.20 12:36:28 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\qvjsge.dat
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:C10F9B26
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

Vivo 29.05.2011 15:20

First of all: the Registry Booster was only a trial version and, as far as I know, did not change anything in the registry. But I have uninstalled it now.

Here is the new OTL log:
Code:

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\***\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\Users\***\AppData\Roaming\lowsec folder moved successfully.
C:\Windows\System32\acovcnt.exe moved successfully.
C:\Users\***\AppData\Roaming\qvjsge.dat moved successfully.
ADS C:\ProgramData\Temp:C10F9B26 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 05292011_161307


cosinus 29.05.2011 15:38

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it is done, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection prevents you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (It may take a while)
Vista and 7 users must run the tool by right-clicking it and choosing Run as administrator!

Vivo 29.05.2011 17:05

So here is the TDSS log:
Code:

2011/05/29 18:00:19.0981 2476        TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 18:00:20.0049 2476        ================================================================================
2011/05/29 18:00:20.0049 2476        SystemInfo:
2011/05/29 18:00:20.0049 2476       
2011/05/29 18:00:20.0049 2476        OS Version: 6.0.6002 ServicePack: 2.0
2011/05/29 18:00:20.0049 2476        Product type: Workstation
2011/05/29 18:00:20.0049 2476        ComputerName: ***-PC
2011/05/29 18:00:20.0050 2476        UserName: ***
2011/05/29 18:00:20.0050 2476        Windows directory: C:\Windows
2011/05/29 18:00:20.0050 2476        System windows directory: C:\Windows
2011/05/29 18:00:20.0050 2476        Processor architecture: Intel x86
2011/05/29 18:00:20.0050 2476        Number of processors: 1
2011/05/29 18:00:20.0050 2476        Page size: 0x1000
2011/05/29 18:00:20.0050 2476        Boot type: Normal boot
2011/05/29 18:00:20.0050 2476        ================================================================================
2011/05/29 18:00:21.0404 2476        Initialize success
2011/05/29 18:00:39.0587 3092        ================================================================================
2011/05/29 18:00:39.0587 3092        Scan started
2011/05/29 18:00:39.0587 3092        Mode: Manual;
2011/05/29 18:00:39.0587 3092        ================================================================================
2011/05/29 18:00:41.0291 3092        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/29 18:00:41.0369 3092        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/29 18:00:41.0447 3092        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/29 18:00:41.0494 3092        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/29 18:00:41.0603 3092        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/29 18:00:41.0728 3092        AFD            (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/29 18:00:41.0822 3092        AgereSoftModem  (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/29 18:00:41.0916 3092        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/29 18:00:41.0962 3092        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/29 18:00:42.0041 3092        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/29 18:00:42.0087 3092        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/29 18:00:42.0134 3092        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/29 18:00:42.0197 3092        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/29 18:00:42.0244 3092        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/29 18:00:42.0337 3092        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/29 18:00:42.0400 3092        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/29 18:00:42.0478 3092        AsDsm          (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
2011/05/29 18:00:42.0806 3092        ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2011/05/29 18:00:43.0087 3092        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/29 18:00:43.0150 3092        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/29 18:00:43.0244 3092        athr            (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
2011/05/29 18:00:43.0775 3092        avgio          (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/29 18:00:43.0978 3092        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/29 18:00:44.0166 3092        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/29 18:00:44.0275 3092        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/29 18:00:44.0369 3092        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/29 18:00:44.0431 3092        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/29 18:00:44.0509 3092        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/29 18:00:44.0556 3092        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/29 18:00:44.0650 3092        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/29 18:00:44.0712 3092        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/29 18:00:44.0775 3092        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/29 18:00:44.0822 3092        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/29 18:00:44.0869 3092        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/29 18:00:44.0931 3092        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/29 18:00:44.0994 3092        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/29 18:00:45.0072 3092        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/29 18:00:45.0166 3092        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/29 18:00:45.0259 3092        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/29 18:00:45.0306 3092        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/29 18:00:45.0369 3092        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/29 18:00:45.0416 3092        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/29 18:00:45.0478 3092        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/29 18:00:45.0650 3092        DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/29 18:00:45.0775 3092        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/29 18:00:45.0869 3092        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/29 18:00:45.0947 3092        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/29 18:00:45.0994 3092        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/29 18:00:46.0087 3092        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/29 18:00:46.0212 3092        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/29 18:00:46.0275 3092        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/29 18:00:46.0384 3092        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/29 18:00:46.0447 3092        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/29 18:00:46.0697 3092        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/29 18:00:46.0822 3092        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/29 18:00:46.0900 3092        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/29 18:00:46.0962 3092        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/29 18:00:47.0228 3092        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/29 18:00:47.0291 3092        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/29 18:00:47.0353 3092        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/29 18:00:47.0431 3092        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/29 18:00:47.0525 3092        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/29 18:00:47.0603 3092        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/29 18:00:47.0962 3092        ghaio          (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2011/05/29 18:00:48.0181 3092        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/29 18:00:48.0275 3092        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/29 18:00:48.0337 3092        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/29 18:00:48.0384 3092        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/29 18:00:48.0462 3092        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/29 18:00:48.0541 3092        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/29 18:00:48.0603 3092        HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/05/29 18:00:48.0666 3092        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/29 18:00:48.0728 3092        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/29 18:00:48.0775 3092        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/29 18:00:48.0853 3092        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/29 18:00:48.0994 3092        IntcAzAudAddService (dcdfe561f177105e1e365733f09f3e30) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/29 18:00:49.0119 3092        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/29 18:00:49.0166 3092        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/29 18:00:49.0244 3092        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/29 18:00:49.0353 3092        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/29 18:00:49.0400 3092        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/29 18:00:49.0494 3092        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/29 18:00:49.0556 3092        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/29 18:00:49.0619 3092        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/29 18:00:49.0681 3092        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/29 18:00:49.0744 3092        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/29 18:00:49.0791 3092        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/29 18:00:49.0869 3092        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/29 18:00:49.0916 3092        kbfiltr        (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/05/29 18:00:49.0994 3092        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/29 18:00:50.0103 3092        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/29 18:00:50.0197 3092        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/29 18:00:50.0259 3092        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/29 18:00:50.0369 3092        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/29 18:00:50.0447 3092        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/29 18:00:50.0525 3092        lullaby        (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
2011/05/29 18:00:50.0603 3092        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/29 18:00:50.0681 3092        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/29 18:00:50.0775 3092        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/29 18:00:50.0837 3092        MODEMCSA        (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
2011/05/29 18:00:50.0900 3092        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/29 18:00:50.0962 3092        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/29 18:00:51.0025 3092        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/29 18:00:51.0087 3092        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/29 18:00:51.0181 3092        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/29 18:00:51.0259 3092        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/29 18:00:51.0337 3092        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/29 18:00:51.0447 3092        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/29 18:00:51.0525 3092        mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/29 18:00:51.0603 3092        mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/29 18:00:51.0681 3092        mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/29 18:00:51.0775 3092        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/29 18:00:51.0853 3092        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/29 18:00:51.0994 3092        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/29 18:00:52.0072 3092        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/29 18:00:52.0181 3092        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/29 18:00:52.0275 3092        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/29 18:00:52.0353 3092        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/29 18:00:52.0431 3092        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/29 18:00:52.0541 3092        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/29 18:00:52.0603 3092        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/29 18:00:52.0681 3092        MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/05/29 18:00:52.0791 3092        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/29 18:00:52.0900 3092        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/29 18:00:53.0025 3092        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/29 18:00:53.0119 3092        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/29 18:00:53.0181 3092        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/29 18:00:53.0291 3092        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/29 18:00:53.0384 3092        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/29 18:00:53.0587 3092        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/29 18:00:53.0666 3092        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/29 18:00:53.0806 3092        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/29 18:00:53.0900 3092        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/29 18:00:53.0994 3092        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/29 18:00:54.0134 3092        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/29 18:00:54.0228 3092        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/29 18:00:54.0306 3092        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/29 18:00:54.0619 3092        nvlddmkm        (340c9a91d457e4ae849f42b2688800e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/29 18:00:54.0853 3092        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/29 18:00:54.0947 3092        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/29 18:00:55.0025 3092        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/29 18:00:55.0212 3092        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/29 18:00:55.0322 3092        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/29 18:00:55.0416 3092        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/29 18:00:55.0572 3092        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/29 18:00:55.0697 3092        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/29 18:00:55.0791 3092        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/29 18:00:55.0869 3092        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/29 18:00:55.0978 3092        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/29 18:00:56.0259 3092        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/29 18:00:56.0337 3092        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/29 18:00:56.0462 3092        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/29 18:00:56.0603 3092        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/29 18:00:56.0697 3092        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/29 18:00:56.0791 3092        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/29 18:00:56.0869 3092        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/29 18:00:56.0947 3092        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/29 18:00:57.0056 3092        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/29 18:00:57.0150 3092        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/29 18:00:57.0244 3092        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/29 18:00:57.0353 3092        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/29 18:00:57.0494 3092        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/29 18:00:57.0619 3092        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/29 18:00:57.0744 3092        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/29 18:00:57.0947 3092        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/29 18:00:58.0025 3092        RTSTOR          (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/29 18:00:58.0119 3092        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/29 18:00:58.0275 3092        sdbus          (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/29 18:00:58.0369 3092        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/29 18:00:58.0509 3092        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/29 18:00:58.0587 3092        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/29 18:00:58.0650 3092        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/29 18:00:58.0806 3092        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/29 18:00:58.0884 3092        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/29 18:00:58.0947 3092        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/29 18:00:59.0025 3092        sfloppy        (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/29 18:00:59.0150 3092        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/29 18:00:59.0228 3092        SiSGbeLH        (73838461f11fc7daee7922c945b2d74f) C:\Windows\system32\DRIVERS\SiSGB6.sys
2011/05/29 18:00:59.0306 3092        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/29 18:00:59.0384 3092        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/29 18:00:59.0572 3092        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/29 18:00:59.0712 3092        smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/05/29 18:00:59.0853 3092        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/29 18:00:59.0994 3092        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/29 18:01:00.0134 3092        srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/29 18:01:00.0212 3092        srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/29 18:01:00.0353 3092        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/29 18:01:00.0494 3092        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/29 18:01:00.0603 3092        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/29 18:01:00.0666 3092        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/29 18:01:00.0744 3092        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/29 18:01:00.0822 3092        SynTP          (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/29 18:01:01.0009 3092        Tcpip          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/29 18:01:01.0150 3092        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/29 18:01:01.0306 3092        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/29 18:01:01.0400 3092        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/29 18:01:01.0556 3092        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/29 18:01:01.0681 3092        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/29 18:01:01.0822 3092        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/29 18:01:02.0056 3092        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/29 18:01:02.0134 3092        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/29 18:01:02.0244 3092        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/29 18:01:02.0337 3092        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/29 18:01:02.0431 3092        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/29 18:01:02.0619 3092        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/29 18:01:02.0759 3092        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/29 18:01:02.0869 3092        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/29 18:01:02.0962 3092        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/29 18:01:03.0072 3092        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/29 18:01:03.0228 3092        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/29 18:01:03.0337 3092        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/29 18:01:03.0494 3092        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/29 18:01:03.0837 3092        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/29 18:01:03.0931 3092        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/29 18:01:04.0041 3092        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/29 18:01:04.0134 3092        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/29 18:01:04.0337 3092        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/29 18:01:04.0462 3092        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/29 18:01:04.0587 3092        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/29 18:01:04.0681 3092        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/29 18:01:04.0853 3092        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/29 18:01:05.0025 3092        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/29 18:01:05.0119 3092        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/29 18:01:05.0228 3092        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/29 18:01:05.0431 3092        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/29 18:01:05.0603 3092        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/29 18:01:05.0744 3092        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/29 18:01:05.0962 3092        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/29 18:01:06.0041 3092        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/29 18:01:06.0103 3092        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/29 18:01:06.0322 3092        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/29 18:01:06.0431 3092        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/29 18:01:06.0869 3092        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/29 18:01:07.0134 3092        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/29 18:01:07.0291 3092        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/29 18:01:07.0416 3092        yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/29 18:01:07.0572 3092        MBR (0x1B8)    (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
2011/05/29 18:01:07.0650 3092        ================================================================================
2011/05/29 18:01:07.0650 3092        Scan finished
2011/05/29 18:01:07.0650 3092        ================================================================================
2011/05/29 18:01:07.0697 3468        Detected object count: 0
2011/05/29 18:01:07.0697 3468        Actual detected object count: 0
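
Added example (not from the thread and not Kaspersky's code): a small Python parser for the TDSSKiller log format posted above that extracts each module's name, MD5 and path, lists modules loaded from outside the Windows directory for manual review, keeps the MBR hash so it can be compared with a later scan, and reads the final detected-object count. The embedded sample is a short excerpt constructed from lines of the log above; the Windows directory is assumed to be C:\Windows as the log header states.

```python
import re
from dataclasses import dataclass

# One TDSSKiller log line: "YYYY/MM/DD HH:MM:SS.ffff <thread id> <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$"
)
# A scanned module inside the message: name, 32-hex MD5 in parentheses, path.
# The name may itself contain parentheses ("MBR (0x1B8)"), hence the non-greedy match.
MODULE_RE = re.compile(
    r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# The two summary lines TDSSKiller prints at the end of a scan.
COUNT_RE = re.compile(
    r"^(?P<label>Detected object count|Actual detected object count):\s*(?P<n>\d+)$"
)

# Constructed excerpt of the log posted in the thread (a handful of its lines).
SAMPLE = r"""
2011/05/29 18:00:39.0587 3092        Scan started
2011/05/29 18:00:41.0291 3092        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/29 18:00:42.0806 3092        ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2011/05/29 18:00:43.0775 3092        avgio           (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/29 18:01:01.0009 3092        Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/29 18:01:07.0572 3092        MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
2011/05/29 18:01:07.0650 3092        Scan finished
2011/05/29 18:01:07.0697 3468        Detected object count: 0
2011/05/29 18:01:07.0697 3468        Actual detected object count: 0
"""


@dataclass
class Module:
    name: str
    md5: str
    path: str


def parse_tdsskiller_log(text):
    """Return (modules, counts): the scanned modules and the summary counters."""
    modules, counts = [], {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.rstrip())
        if not line:
            continue  # blank lines, separators and anything not in log format
        msg = line.group("msg").strip()
        count = COUNT_RE.match(msg)
        if count:
            counts[count.group("label")] = int(count.group("n"))
            continue
        mod = MODULE_RE.match(msg)
        if mod:
            modules.append(Module(mod.group("name").strip(),
                                  mod.group("md5"),
                                  mod.group("path").strip()))
    return modules, counts


def review(modules, counts, system_root="C:\\Windows"):
    """Summarise a scan the way a helper would read it by hand."""
    root = system_root.lower().rstrip("\\") + "\\"
    # Drivers outside the Windows directory are not malicious per se (Avira and
    # ASUS drivers live there too), but they are the entries worth a second look.
    outside = [m for m in modules
               if not m.path.lower().startswith(root)
               and not m.path.startswith("\\Device\\")]
    mbr = next((m for m in modules if m.name.startswith("MBR")), None)
    detected = counts.get("Detected object count")
    return {
        "total_modules": len(modules),
        "outside_system_root": [m.name for m in outside],
        "mbr_md5": mbr.md5 if mbr else None,   # compare with a later scan
        "detected_object_count": detected,
        "clean": detected == 0,                 # True only if the summary line was found
    }


def analyse_tdsskiller_log(text):
    modules, counts = parse_tdsskiller_log(text)
    return review(modules, counts)


if __name__ == "__main__":
    for key, value in analyse_tdsskiller_log(SAMPLE).items():
        print(f"{key}: {value}")
```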


cosinus 29.05.2011 17:47

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a board helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Vivo 30.05.2011 15:40

So here is the ComboFix log:
Code:

ComboFix 11-05-29.02 - *** 30.05.2011  16:07:22.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.2047.1256 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-28 bis 2011-05-30  ))))))))))))))))))))))))))))))
.
.
2011-05-30 14:24 . 2011-05-30 14:24        --------        d-----w-        c:\users\***\AppData\Local\temp
2011-05-30 14:24 . 2011-05-30 14:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-30 01:02 . 2011-05-30 01:02        --------        d-----w-        c:\program files\Microsoft.NET
2011-05-29 14:13 . 2011-05-29 14:13        --------        d-----w-        C:\_OTL
2011-05-28 23:13 . 2011-05-28 23:13        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-27 18:22 . 2011-05-27 18:22        --------        d-----w-        c:\users\***\AppData\Roaming\DriverCure
2011-05-27 18:22 . 2011-05-27 18:22        --------        d-----w-        c:\users\***\AppData\Roaming\ParetoLogic
2011-05-27 18:22 . 2011-05-27 18:22        --------        d-----w-        c:\program files\Common Files\ParetoLogic
2011-05-27 18:22 . 2011-05-27 18:22        --------        d-----w-        c:\programdata\ParetoLogic
2011-05-27 18:22 . 2011-05-27 18:22        --------        d-----w-        c:\program files\ParetoLogic
2011-05-27 17:49 . 2011-05-27 17:49        --------        d-----w-        c:\windows\BDOSCAN8
2011-05-27 17:49 . 2011-05-27 17:49        --------        d-----w-        c:\users\***\AppData\Local\PackageAware
2011-05-27 12:21 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE71612A-A3E1-4650-8A1D-7BBC6B900133}\mpengine.dll
2011-05-11 11:14 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-05-04 20:56 . 2011-05-27 19:40        --------        d-----w-        c:\program files\SnapDragon Games
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-12 12:16 . 2009-02-16 21:03        796672        ----a-w-        c:\windows\GPInstall.exe
2011-03-16 14:47 . 2010-02-11 17:05        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-12 21:55 . 2011-04-27 07:30        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-13 21:59        1162240        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-13 21:59        1136640        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-13 21:59        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 07:30        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-27 07:30        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 07:30        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 07:30        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 07:30        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-27 07:30        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-13 21:58        2041856        ----a-w-        c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-13 21:59        86528        ----a-w-        c:\windows\system32\dnsrslvr.dll
2008-07-02 02:28 . 2008-07-02 02:28        61440        ----a-w-        c:\program files\Common Files\CPInstallAction.dll
2011-04-14 16:40 . 2011-05-27 18:42        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-01 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-01 92704]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-17 5320704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Biet-O-Matic.lnk - c:\program files\Biet-O-Matic\Biet-O-Matic.exe [2008-12-6 1265664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-11-16 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-27 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:51]
.
2011-05-27 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:51]
.
2011-05-27 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-05-27 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvhu1y2j.default\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-NvCplDaemonTool - c:\users\***\tloadF4.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-30 16:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2904)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Zeit der Fertigstellung: 2011-05-30  16:31:12
ComboFix-quarantined-files.txt  2011-05-30 14:31
.
Vor Suchlauf: 16 Verzeichnis(se), 35.847.831.552 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 36.034.375.680 Bytes frei
.
- - End Of File - - 8DF4CA82AF9E90FF3987D555FDF566C9


cosinus 30.05.2011 16:14

Ok. Now please create and post logs with GMER and OSAM.
GMER crashes quite often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of that .txt document for me

Vivo 30.05.2011 18:56

Okay, so here are the new log files:

New GMER log:
Code:

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-30 19:39:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: ksdu5jyf.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                            section is writeable [0x8B809340, 0x3DC4A7, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [743B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [7440A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [743BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [743AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [743B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [743AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [743E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [743BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [743AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [743AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [743A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [7443CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [743DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [743AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [743A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [743A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [743B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                            AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                  0 bytes
File            C:\ADSM_PData_0150\DB                                                                                0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                          624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                          512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                      253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                              512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                          0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                    512 bytes

---- EOF - GMER 1.0.15 ----

OSAM log file:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:47:14 on 30.05.2011

OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"ParetoLogic Registration3.job" - ? - C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
"ParetoLogic Update Version3.job" - "ParetoLogic Inc." - C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
"PC Health Advisor.job" - "ParetoLogic, Inc." - C:\Program Files\ParetoLogic\PCHA\PCHA.exe
"PC Health Advisor Defrag.job" - "ParetoLogic, Inc." - C:\Program Files\ParetoLogic\PCHA\PCHA.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"pwliyfow" (pwliyfow) - ? - C:\Users\***\AppData\Local\Temp\pwliyfow.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "ASUS" - C:\Windows\system32\TPESetting.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{82AA9188-44E0-40B9-B956-43A10C315B4F} "RootShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} "ShellDragDropHandler Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{7568C3F3-DF7E-436A-95C2-772819DF58B4} "ShellFolderExternal Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{119310E6-5FB7-4eeb-BEDB-9E229E76B9B4} "ShellFolderMultiUploadDestination Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{3B164627-7060-47BB-A1BE-DF5540B02821} "ShellFolderMultiUploadSource Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{6E0A0931-B89D-45B7-8BF0-F221A6D67257} "ShellFolderRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP Drop ShellIconOverlayHandler" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{FD504287-1372-40d2-ACA6-216A8FCC243D} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{0848278D-D88B-445b-BEDC-7DFBDB061F5F} "SmartFTP FavoritesShellFolderDesktop class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\Windows\bdoscandel.exe  (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? - C:\Program Files\Java\jre6\bin\jp2ssv.dll  (File not found)
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Biet-O-Matic.lnk" - "www.bid-o-matic.org" - C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ASUSTPE" - "ASUS" - C:\Windows\system32\ASUSTPE.exe
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - ? - "C:\Program Files\ATKOSD2\ATKOSD2.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HControlUser" - ? - "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
"LanguageShortcut" - ? - "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"hpfll70v.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpfll70v.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ADSM Service" (ADSMService) - ? - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Basic Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        PEGATRON CORPORATION
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                ASUSTeK Computer Inc.
System Product Name:                F5C
Logical Drives Mask:                0x0000003c

Kernel Drivers (total 151):
  0x81E0D000 \SystemRoot\system32\ntkrnlpa.exe
  0x821C7000 \SystemRoot\system32\hal.dll
  0x8040D000 \SystemRoot\system32\kdcom.dll
  0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80484000 \SystemRoot\system32\PSHED.dll
  0x80495000 \SystemRoot\system32\BOOTVID.dll
  0x8049D000 \SystemRoot\system32\CLFS.SYS
  0x804DE000 \SystemRoot\system32\CI.dll
  0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068F000 \SystemRoot\system32\drivers\acpi.sys
  0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E6000 \SystemRoot\system32\drivers\pci.sys
  0x8070D000 \SystemRoot\System32\drivers\partmgr.sys
  0x8071C000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8071F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80729000 \SystemRoot\system32\drivers\volmgr.sys
  0x80738000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80782000 \SystemRoot\system32\drivers\pciide.sys
  0x80789000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x80797000 \SystemRoot\System32\drivers\mountmgr.sys
  0x807A7000 \SystemRoot\system32\drivers\atapi.sys
  0x807AF000 \SystemRoot\system32\drivers\ataport.SYS
  0x807CD000 \SystemRoot\system32\drivers\fltmgr.sys
  0x805BE000 \SystemRoot\system32\drivers\fileinfo.sys
  0x805CE000 \SystemRoot\System32\Drivers\AsDsm.sys
  0x805D8000 \SystemRoot\system32\DRIVERS\lullaby.sys
  0x87802000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x87873000 \SystemRoot\system32\drivers\ndis.sys
  0x8797E000 \SystemRoot\system32\drivers\msrpc.sys
  0x879A9000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87A09000 \SystemRoot\System32\drivers\tcpip.sys
  0x87AF3000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x87C07000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x87D17000 \SystemRoot\system32\drivers\wd.sys
  0x87D1F000 \SystemRoot\system32\drivers\volsnap.sys
  0x87D58000 \SystemRoot\System32\Drivers\spldr.sys
  0x87D60000 \SystemRoot\System32\Drivers\mup.sys
  0x87D6F000 \SystemRoot\System32\drivers\ecache.sys
  0x87D96000 \SystemRoot\system32\drivers\disk.sys
  0x87DA7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x87DC8000 \SystemRoot\system32\drivers\crcdisk.sys
  0x87DF1000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x87B0E000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x87B17000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
  0x87B1F000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8B809000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8BF24000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8BFC4000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BFD0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8BFE3000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
  0x8BFEB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x87B2E000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8BFF6000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x87B5D000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x87B68000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x87B72000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x87BB0000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x87BBF000 \SystemRoot\system32\DRIVERS\SiSGB6.sys
  0x87BCF000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C000000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8C0E4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8C171000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8C175000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8C1A4000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8C1E5000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x87BE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8C1F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8C40B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8C42E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8C43D000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8C451000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8C466000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8C476000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8C478000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8C4A2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8C4AC000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8C4B9000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8C4EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8C600000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8C4FF000 \SystemRoot\system32\drivers\portcls.sys
  0x8C52C000 \SystemRoot\system32\drivers\drmk.sys
  0x8C801000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x8C927000 \SystemRoot\system32\drivers\modem.sys
  0x8C934000 \SystemRoot\system32\drivers\MODEMCSA.sys
  0x8C93E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8C947000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C94E000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8C95E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8C965000 \SystemRoot\System32\drivers\vga.sys
  0x8C971000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C992000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C99A000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8C9A2000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8C9AD000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C9BB000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8C9C4000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8C9DA000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8C551000 \SystemRoot\system32\drivers\afd.sys
  0x8C599000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8C5CB000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8C9EE000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8C5E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8C955000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8CA0F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8CA4B000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8CA55000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8CA6C000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8CA92000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8CA94000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8CAAB000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8CAB4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8CAC4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8CACD000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8CADA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8CAE5000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x8CAED000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x942D0000 \SystemRoot\System32\win32k.sys
  0x8CAFF000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8CB09000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x944F0000 \SystemRoot\System32\TSDDD.dll
  0x94510000 \SystemRoot\System32\cdd.dll
  0x8CB18000 \SystemRoot\system32\drivers\luafv.sys
  0x8CB33000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x8CB48000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8CB58000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8CB82000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8CB8C000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9C409000 \SystemRoot\system32\drivers\spsys.sys
  0x9C4B9000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
  0x9C4C0000 \SystemRoot\system32\drivers\HTTP.sys
  0x9C52D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9C54A000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9C560000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9C579000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9C58E000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9C5AF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8CB9F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9C5CE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x8CBD8000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9E408000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9E457000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
  0x9E45A000 \SystemRoot\system32\drivers\peauth.sys
  0x9E538000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x9E560000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9E56A000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9E576000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x9E58B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x9E59D000 \??\C:\Users\***\AppData\Local\Temp\pwliyfow.sys
  0x771C0000 \Windows\System32\ntdll.dll

Processes (total 68):
      0 System Idle Process
      4 System
    420 C:\Windows\System32\smss.exe
    484 csrss.exe
    532 C:\Windows\System32\wininit.exe
    540 csrss.exe
    580 C:\Windows\System32\services.exe
    592 C:\Windows\System32\lsass.exe
    600 C:\Windows\System32\lsm.exe
    624 C:\Windows\System32\winlogon.exe
    788 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\nvvsvc.exe
    872 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\audiodg.exe
    1180 C:\Windows\System32\SLsvc.exe
    1236 C:\Windows\System32\rundll32.exe
    1364 C:\Windows\System32\svchost.exe
    1452 C:\Windows\System32\svchost.exe
    1580 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    1604 C:\Windows\System32\wlanext.exe
    1648 C:\Program Files\ATK Hotkey\AsLdrSrv.exe
    1668 C:\Windows\System32\dwm.exe
    1700 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1720 C:\Windows\explorer.exe
    1800 C:\Windows\System32\spoolsv.exe
    1884 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1944 C:\Windows\System32\rundll32.exe
    1952 C:\Program Files\ATK Hotkey\HControlUser.exe
    1960 C:\Program Files\ATKOSD2\ATKOSD2.exe
    1968 C:\Windows\RtHDVCpl.exe
    1980 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1988 C:\Windows\System32\ASUSTPE.exe
    1996 C:\Program Files\ASUS\ATK Media\DMedia.exe
    2004 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2032 C:\Windows\System32\svchost.exe
    2044 C:\Program Files\ATK Hotkey\HControl.exe
    196 C:\Program Files\ATK Hotkey\MsgTranAgt.exe
    204 C:\Program Files\Wireless Console 2\wcourier.exe
    240 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
    264 C:\Program Files\P4G\BatteryLife.exe
    284 C:\Program Files\ASUS\Splendid\ACMON.exe
    1380 ACEngSvr.exe
    1472 C:\Program Files\ATK Hotkey\ATKOSD.exe
    1568 C:\Program Files\ATK Hotkey\KBFiltr.exe
    300 C:\Program Files\ATK Hotkey\WDC.exe
    1248 C:\Windows\System32\agrsmsvc.exe
    2076 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2116 C:\Windows\System32\svchost.exe
    2172 C:\Windows\System32\svchost.exe
    2264 C:\Windows\System32\svchost.exe
    2300 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2352 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2404 C:\Windows\System32\svchost.exe
    2444 C:\Windows\System32\svchost.exe
    2492 C:\Windows\System32\SearchIndexer.exe
    2536 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2600 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2784 WUDFHost.exe
    884 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3492 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\wuauclt.exe
    3648 C:\Windows\System32\SearchProtocolHost.exe
    3364 C:\Windows\System32\SearchFilterHost.exe
    1940 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000015`1262f400  (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


cosinus 30.05.2011 19:38

We should fix the MBR manually. Back up all important data first, just in case.

Do you have any other operating systems installed besides Vista?
If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD (e.g. with ImgBurn, using the image-burning function) and start the computer from it (boot from that CD).

If you have a regular Vista installation DVD, you don't need the image mentioned above; you can simply boot from the Vista DVD.

Click on Computer repair options, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD beforehand. Afterwards create new logs with MBRCheck and, if possible, GMER.

Vivo 30.05.2011 21:44

I've fixed the MBR, and here are the new logfiles:

MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Basic Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        PEGATRON CORPORATION
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                ASUSTeK Computer Inc.
System Product Name:                F5C
Logical Drives Mask:                0x0000003c

Kernel Drivers (total 150):
  0x81E36000 \SystemRoot\system32\ntkrnlpa.exe
  0x81E03000 \SystemRoot\system32\hal.dll
  0x80404000 \SystemRoot\system32\kdcom.dll
  0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8047B000 \SystemRoot\system32\PSHED.dll
  0x8048C000 \SystemRoot\system32\BOOTVID.dll
  0x80494000 \SystemRoot\system32\CLFS.SYS
  0x804D5000 \SystemRoot\system32\CI.dll
  0x80604000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80680000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068D000 \SystemRoot\system32\drivers\acpi.sys
  0x806D3000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806DC000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E4000 \SystemRoot\system32\drivers\pci.sys
  0x8070B000 \SystemRoot\System32\drivers\partmgr.sys
  0x8071A000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8071D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80727000 \SystemRoot\system32\drivers\volmgr.sys
  0x80736000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80780000 \SystemRoot\system32\drivers\pciide.sys
  0x80787000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x80795000 \SystemRoot\System32\drivers\mountmgr.sys
  0x807A5000 \SystemRoot\system32\drivers\atapi.sys
  0x807AD000 \SystemRoot\system32\drivers\ataport.SYS
  0x807CB000 \SystemRoot\system32\drivers\fltmgr.sys
  0x805B5000 \SystemRoot\system32\drivers\fileinfo.sys
  0x805C5000 \SystemRoot\System32\Drivers\AsDsm.sys
  0x805CF000 \SystemRoot\system32\DRIVERS\lullaby.sys
  0x87800000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x87871000 \SystemRoot\system32\drivers\ndis.sys
  0x8797C000 \SystemRoot\system32\drivers\msrpc.sys
  0x879A7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87A02000 \SystemRoot\System32\drivers\tcpip.sys
  0x87AEC000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x87C0A000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x87D1A000 \SystemRoot\system32\drivers\wd.sys
  0x87D22000 \SystemRoot\system32\drivers\volsnap.sys
  0x87D5B000 \SystemRoot\System32\Drivers\spldr.sys
  0x87D63000 \SystemRoot\System32\Drivers\mup.sys
  0x87D72000 \SystemRoot\System32\drivers\ecache.sys
  0x87D99000 \SystemRoot\system32\drivers\disk.sys
  0x87DAA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x87DCB000 \SystemRoot\system32\drivers\crcdisk.sys
  0x87DF4000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x87C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x87B07000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
  0x87B0F000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8B408000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8BB23000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8BBC3000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BBCF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8BBE2000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
  0x8BBEA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x87B1E000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8BBF5000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x87B4D000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x87B58000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x87B62000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x87BA0000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x87BAF000 \SystemRoot\system32\DRIVERS\SiSGB6.sys
  0x87BBF000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8B006000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8B0EA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8B177000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8B17B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8B1AA000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8B1EB000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x87BD7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x87BEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x805D7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x879E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8BC09000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8BC1D000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8BC32000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8BC42000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8BC44000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8BC6E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8BC78000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8BC85000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8BCBA000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8BE00000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8BCCB000 \SystemRoot\system32\drivers\portcls.sys
  0x8BCF8000 \SystemRoot\system32\drivers\drmk.sys
  0x8C00E000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x8C134000 \SystemRoot\system32\drivers\modem.sys
  0x8C141000 \SystemRoot\system32\drivers\MODEMCSA.sys
  0x8C14B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8C154000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C15B000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8C16B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8C172000 \SystemRoot\System32\drivers\vga.sys
  0x8C17E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C19F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C1A7000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8C1AF000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8C1BA000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C1C8000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8C1D1000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8C1E7000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8BD1D000 \SystemRoot\system32\drivers\afd.sys
  0x8BD65000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8BD97000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8C000000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8BDAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8C162000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8BDC0000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8B1F6000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8C402000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8C419000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8C43F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8C441000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8C458000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8C461000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8C471000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8C47A000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C487000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C492000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x8C49A000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x93A40000 \SystemRoot\System32\win32k.sys
  0x8C4AC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8C4B6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x93C60000 \SystemRoot\System32\TSDDD.dll
  0x93C80000 \SystemRoot\System32\cdd.dll
  0x8C4C5000 \SystemRoot\system32\drivers\luafv.sys
  0x8C4E0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x8C4F5000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8C505000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8C52F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8C539000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8C54C000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
  0x9BE04000 \SystemRoot\system32\drivers\spsys.sys
  0x9BEB4000 \SystemRoot\system32\drivers\HTTP.sys
  0x9BF21000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9BF3E000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9BF54000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9BF6D000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9BF82000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9BFA3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9BFC2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x8C553000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x8C56B000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x8C593000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9BFFB000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
  0xA060D000 \SystemRoot\system32\drivers\peauth.sys
  0xA06EB000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA06F5000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA071D000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA0729000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA073E000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x770E0000 \Windows\System32\ntdll.dll

Processes (total 68):
      0 System Idle Process
      4 System
    396 C:\Windows\System32\smss.exe
    464 csrss.exe
    508 C:\Windows\System32\wininit.exe
    516 csrss.exe
    556 C:\Windows\System32\services.exe
    568 C:\Windows\System32\lsass.exe
    576 C:\Windows\System32\lsm.exe
    600 C:\Windows\System32\winlogon.exe
    764 C:\Windows\System32\svchost.exe
    824 C:\Windows\System32\nvvsvc.exe
    848 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\audiodg.exe
    1160 C:\Windows\System32\SLsvc.exe
    1212 C:\Windows\System32\rundll32.exe
    1344 C:\Windows\System32\svchost.exe
    1400 C:\Windows\System32\svchost.exe
    1548 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    1564 C:\Program Files\ATK Hotkey\AsLdrSrv.exe
    1576 C:\Windows\System32\wlanext.exe
    1604 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1704 C:\Windows\System32\spoolsv.exe
    1736 C:\Windows\System32\dwm.exe
    1752 C:\Windows\explorer.exe
    1864 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1892 C:\Windows\System32\svchost.exe
    1936 C:\Windows\System32\rundll32.exe
    1944 C:\Program Files\ATK Hotkey\HControlUser.exe
    1952 C:\Program Files\ATKOSD2\ATKOSD2.exe
    1960 C:\Windows\RtHDVCpl.exe
    1968 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1988 C:\Windows\System32\ASUSTPE.exe
    2000 C:\Program Files\ASUS\ATK Media\DMedia.exe
    2012 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2020 C:\Program Files\ATK Hotkey\HControl.exe
    2036 C:\Program Files\ATK Hotkey\MsgTranAgt.exe
    2044 C:\Program Files\Wireless Console 2\wcourier.exe
    196 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
    204 C:\Program Files\P4G\BatteryLife.exe
    240 C:\Program Files\ASUS\Splendid\ACMON.exe
    1124 ACEngSvr.exe
    1596 C:\Program Files\ATK Hotkey\ATKOSD.exe
    1464 C:\Program Files\ATK Hotkey\KBFiltr.exe
    1784 C:\Program Files\ATK Hotkey\WDC.exe
    1844 C:\Windows\System32\agrsmsvc.exe
    2028 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    268 C:\Windows\System32\svchost.exe
    2112 C:\Windows\System32\svchost.exe
    2156 C:\Windows\System32\svchost.exe
    2240 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2256 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2360 C:\Windows\System32\svchost.exe
    2412 C:\Windows\System32\svchost.exe
    2468 C:\Windows\System32\SearchIndexer.exe
    2484 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2592 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2712 WUDFHost.exe
    3512 WmiPrvSE.exe
    3348 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2960 C:\Windows\System32\SearchProtocolHost.exe
    4020 C:\Windows\System32\SearchFilterHost.exe
    4044 C:\Windows\System32\svchost.exe
    3692 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000015`1262f400  (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

GMER:
GMER Logfile:
Code:

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-30 22:39:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: ksdu5jyf.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                            section is writeable [0x8B408340, 0x3DC4A7, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [742D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [7432A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [742DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [742CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [742D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [742CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74308395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [742DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [742CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [742CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [742C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [7435CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [742FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [742CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [742C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [742C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [742D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                            AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                  0 bytes
File            C:\ADSM_PData_0150\DB                                                                                0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                          624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                          512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                      253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                              512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                          0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                    512 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---
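To make the two MBRCheck results in this thread concrete (an "Unknown MBR code" SHA1 before bootrec /fixmbr, "Windows 2008 MBR code detected" afterwards, with identical partition offsets both times), here is an added example; it is not code from the thread or from MBRCheck. It parses a 512-byte MBR, hashes the 440-byte bootstrap region with SHA1, classifies the hash against an allow-list, and shows that rewriting only the bootstrap bytes leaves the partition table untouched. The bootstrap bytes, the partition sizes, the allow-list and its label are constructed; the partition start offsets are the ones MBRCheck printed above. That MBRCheck hashes exactly the first 440 bytes is an assumption, and its real reference hashes are not embedded here.

```python
"""Parse an MBR, hash its bootstrap code and compare it against an allow-list.

Added example, not MBRCheck's code. The sample sectors below are constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the bootstrap code (assumed hash region)
PART_TABLE_OFF = 446           # four 16-byte partition entries follow the disk signature
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
ENTRY_FMT = "<B3sB3sII"        # boot flag, CHS start, type, CHS end, start LBA, sector count


def build_mbr(boot_code, partitions):
    """Assemble a constructed MBR from bootstrap bytes and (type, start_lba, sectors) tuples.

    CHS fields get the 0xFE 0xFF 0xFF 'use LBA' marker; only the first entry is bootable.
    """
    sector = bytearray(SECTOR_SIZE)
    n = min(len(boot_code), BOOT_CODE_LEN)
    sector[:n] = boot_code[:n]
    for i, (ptype, start_lba, sectors) in enumerate(partitions):
        entry = struct.pack(ENTRY_FMT, 0x80 if i == 0 else 0x00, b"\xfe\xff\xff",
                            ptype, b"\xfe\xff\xff", start_lba, sectors)
        sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Return signature validity, SHA1 of the bootstrap region and the used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        boot, _, ptype, _, start_lba, sectors = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                          "start_lba": start_lba, "sectors": sectors,
                          "byte_offset": start_lba * SECTOR_SIZE})  # what MBRCheck prints as 'offset'
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": parts,
    }


def mbr_status(sector, known_boot_code):
    """Classify the bootstrap code in MBRCheck's wording: a known label or 'Unknown MBR code'."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "Invalid MBR signature"
    return known_boot_code.get(info["boot_code_sha1"], "Unknown MBR code")


def rewrite_boot_code(sector, clean_boot_code):
    """Model what a boot-code rewrite does: replace bytes 0..439, keep everything from byte 440 on."""
    return clean_boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00") + sector[BOOT_CODE_LEN:]


# Constructed stand-in for vendor bootstrap code (no real Windows boot code is embedded).
BASELINE_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 433
# Constructed stand-in for a tampered sector: same partition table, different first bytes.
TAMPERED_BOOT_CODE = b"\xEB\xFE" + BASELINE_BOOT_CODE[2:]
# Partition start LBAs are the MBRCheck offsets above divided by 512; sizes are constructed.
LAYOUT = [(0x07, 0x1388B3B, 156280383), (0x07, 0xA89317A, 135811072)]
# Allow-list keyed by bootstrap SHA1. A real list would come from clean reference sectors;
# this one is derived from the constructed baseline, and the label is a placeholder.
KNOWN_BOOT_CODE = {
    parse_mbr(build_mbr(BASELINE_BOOT_CODE, LAYOUT))["boot_code_sha1"]: "Baseline MBR code detected",
}

if __name__ == "__main__":
    before = build_mbr(TAMPERED_BOOT_CODE, LAYOUT)
    after = rewrite_boot_code(before, BASELINE_BOOT_CODE)
    for label, sec in (("before", before), ("after", after)):
        info = parse_mbr(sec)
        print(label, mbr_status(sec, KNOWN_BOOT_CODE), info["boot_code_sha1"])
        for p in info["partitions"]:
            print("   partition", p["index"], "at offset", hex(p["byte_offset"]))
```

Run stand-alone, the script prints "Unknown MBR code" for the tampered sector and the baseline label after the rewrite, with the same two partition offsets (0x271167600 and 0x151262f400) in both cases, which is the pattern the two MBRCheck logs above show.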

cosinus 31.05.2011 10:00

Quote:

149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Looks ok. To double-check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting a second opinion from the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to the ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
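
As an added illustration of what the quoted "MBR code detected / SHA1" line is checking (this is example code, not part of cosinus's post and not the code of the tool that produced that hash): a clean MBR check reads the first 512-byte sector of the disk, verifies the 0x55AA boot signature, hashes the boot-code area (bytes 0 to 439, before the disk signature and partition table) and compares the hash against a list of known-good loaders. The sample sector, the "golden" boot code, the disk signature 0xDEADBEEF and the known-good table below are all constructed for the example; the page does not state which byte range the quoted tool hashed, so the quoted SHA1 is deliberately not used as a reference value.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code in a classic MBR
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector (not read from a real disk): boot code,
    a disk signature, one bootable NTFS partition entry and the 0x55AA signature."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_signature = struct.pack("<I", 0xDEADBEEF)   # constructed value
    reserved = b"\x00\x00"
    # Partition entry: status 0x80 (bootable), CHS fields zeroed, type 0x07 (NTFS),
    # first LBA 2048, 0x01234567 sectors long (constructed values).
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 0x01234567)
    table = entry + b"\x00" * (16 * 3)
    sector = boot + disk_signature + reserved + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature, hash the boot-code area and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype, lba_start, sector_count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sector_count,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


# Constructed known-good boot code; a real check would use the reference hashes
# shipped with the scanning tool (e.g. for the stock Windows loader).
GOLDEN_BOOT_CODE = b"CONSTRUCTED-KNOWN-GOOD-BOOT-CODE"
KNOWN_GOOD = {
    hashlib.sha1(GOLDEN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "constructed known-good loader",
}


def assess_mbr(sector: bytes, known_good: dict = KNOWN_GOOD) -> str:
    """Return 'known-good' if the boot code hash is in the allowlist, else 'unknown'."""
    info = parse_mbr(sector)
    return "known-good" if info["boot_code_sha1"] in known_good else "unknown"


if __name__ == "__main__":
    for label, code in (("golden", GOLDEN_BOOT_CODE), ("modified", b"modified loader")):
        sector = build_sample_mbr(code)
        info = parse_mbr(sector)
        print(label, assess_mbr(sector), info["boot_code_sha1"], info["partitions"])
```

On a live Windows system the sector would be read with `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt (on Linux, from `/dev/sda`); that is the same `\\.\PhysicalDrive0` device named in the quoted line. An "unknown" result is not by itself proof of a bootkit (OEM loaders and boot managers also produce non-stock hashes), which is why a tool reports the hash for a human to compare against a reference list rather than deciding on its own.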


Vivo 01.06.2011 15:55

I have finished the MBAM and SASW logs. But I can't get the ESET scanner to run right now; it shows:

Code:

Can not get update. Is proxy configured?
The internet connection is otherwise working normally.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6731

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

31.05.2011 17:59:15
mbam-log-2011-05-31 (17-59-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 281912
Laufzeit: 1 Stunde(n), 24 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/01/2011 at 00:05 AM

Application Version : 4.53.1000

Core Rules Database Version : 7166
Trace Rules Database Version: 4978

Scan type      : Complete Scan
Total Scan Time : 02:19:53

Memory items scanned      : 573
Memory threats detected  : 0
Registry items scanned    : 7184
Registry threats detected : 0
File items scanned        : 145156
File threats detected    : 40

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tacoda.at.atwola[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@cdn.at.atwola[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ar.atwola[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@at.atwola[2].txt
        acvs.mediaonenetwork.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        adserv.quality-channel.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        broadcast.piximedia.fr [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        cdn.insights.gravity.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        cdn1.eyewonder.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        cdn5.specificclick.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        content.oddcast.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        counter.cam-content.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        crackle.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        de.mediaplanet.streamingbolaget.se [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        googleads.g.doubleclick.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        ia.media-imdb.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        imagesrv.adition.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        inwmedia.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        m1.emea.2mdn.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media.autobild.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media.bstdownload.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media.cnbc.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media.dreamhost.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media.ecommerceplayer.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media.filb.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media.mtvnservices.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media.rofl.to [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media.scanscout.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media01.kyte.tv [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        media1.break.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        mi.adinterax.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        oddcast.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        s0.2mdn.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        secure-uk.imrworldwide.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        secure-us.imrworldwide.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        www.ardmediathek.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        www.crossmedia2.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        www.pornme.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
        www.royalmediamarketing.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]


cosinus 01.06.2011 20:30

Quote:

Can not get update. Is proxy configured?
Please check => http://www.trojaner-board.de/94344-p...n-pruefen.html

Vivo 01.06.2011 23:20

I have two different ESET logs here:

Code:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1

Code:

C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7575895d-2271c6fb        a variant of Java/Agent.BP trojan
C:\Users\***\Desktop\WS\A2WSA.EXE        probably a variant of Qres.316 virus


