Trojaner-Board (https://www.trojaner-board.de/)
Forum: Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them) (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Malwarebytes warning "potentially dangerous process stopped" (https://www.trojaner-board.de/101681-malwarebytes-warnung-potentiell-gefaehrlicher-prozess-gestoppt.html)

Ivorya 25.07.2011 11:44

Malwarebytes warning "potentially dangerous process stopped"
 
Hello!

A more descriptive title would probably have been: account hack, Microsoft Security Essentials scan with a detection, detection removed, yet Malwarebytes still reports accesses and potentially dangerous processes and websites. But that would have been a bit long.

My "problem", which I'm not sure is one at all:

I have a WoW account, secured with a Mobile Authenticator (phone app). My account had been idle since May, and shortly before this weekend I removed the Mobile Authenticator from my account because my new phone is not supported by the app.

Not a few hours later my account actually was compromised, so I assumed an infection. I then ran a full scan with mbam, with no result. Microsoft Security Essentials found something; I can't remember the name (a trojan), but I'll post the log here during my lunch break (1 p.m.).

I also had MSE remove the detection.

After that I re-enabled the Mobile Authenticator for security reasons (and am now busily swapping SIM cards when logging in :crazy:).

What puzzles me now, though: when updating mbam before the full scan, mbam offered me a 7-day "Premium" trial. I accepted, and now mbam very frequently reports "potentially dangerous processes" and "potentially dangerous websites", originating from opera.exe.

I also frequent a closed forum; when I open the site, the message comes up almost every time. According to the admins, the forum itself is not infected; only users who know each other are on it, the number of users is very manageable, it's not a warez forum but a "we chat about anything and everything" forum. The forum is closed, can't be found via Google search, and we really are "among ourselves" there.

So far I haven't found a way to click on the mbam message (so that maybe details would open or something), and therefore I don't know whether there are still rudimentary remnants of malware, or whether these are a lot of false positives (that's what they're called, right? :crazy:).

These messages unsettle me enormously, though. HijackThis also looks fairly unremarkable to my eyes.

I found two matching threads here on the forum, but the original poster evidently behaved so idiotically that both threads were closed, so they're of little help to me :lach:

Conclusion:
What should I do with the mbam messages? Am I still infected with malware, and if so, how do I find out when MSE, mbam and HJT show no "detections" or oddities? What does the mbam message about potentially dangerous websites and processes mean? The message appears on perfectly ordinary sites, seemingly completely at random :killpc:

Thanks for your help
Ivorya

edit: my operating system is Windows Vista Home Premium, in case it's needed :)

Ivorya 25.07.2011 12:21

So, here's the mbam full scan:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7230

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

22.07.2011 23:12:57
mbam-log-2011-07-22 (23-12-57).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 425096
Time elapsed: 1 hour(s), 21 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also have 4 protection logs with the IP blocks, one each from 22.07. through 25.07.:

1.
Code:

18:43:46        ***        MESSAGE        Protection started successfully
18:43:51        ***        MESSAGE        IP Protection started successfully
18:51:44        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52084, Process: opera.exe)
18:51:44        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52085, Process: opera.exe)
18:51:52        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52091, Process: opera.exe)
18:56:25        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52112, Process: opera.exe)
18:56:25        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52113, Process: opera.exe)
20:05:23        ***        IP-BLOCK        62.45.185.123 (Type: outgoing, Port: 3724, Process: launcher.exe)
20:05:34        ***        IP-BLOCK        62.45.185.123 (Type: outgoing, Port: 3724, Process: launcher.exe)
20:11:05        ***        IP-BLOCK        62.45.180.83 (Type: incoming, Port: 3724, Process: launcher.exe)
20:11:05        ***        IP-BLOCK        62.45.180.83 (Type: incoming, Port: 3724, Process: launcher.exe)
20:11:14        ***        IP-BLOCK        62.45.180.83 (Type: incoming, Port: 3724, Process: launcher.exe)
21:03:16        *adm*        MESSAGE        Protection started successfully
21:03:20        *adm*        MESSAGE        IP Protection started successfully
21:11:45        ***        MESSAGE        Protection started successfully
21:11:49        ***        MESSAGE        IP Protection started successfully
21:38:56        *adm*        MESSAGE        Protection started successfully
21:39:00        *adm*        MESSAGE        IP Protection started successfully
21:50:32        ***        MESSAGE        Protection started successfully
21:50:36        ***        MESSAGE        IP Protection started successfully
22:12:05        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 49868, Process: opera.exe)
22:12:30        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 49906, Process: opera.exe)
22:13:10        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50098, Process: opera.exe)
22:13:27        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50118, Process: opera.exe)
22:13:59        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50148, Process: opera.exe)
22:14:15        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50166, Process: opera.exe)
22:14:39        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50242, Process: opera.exe)
22:15:11        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50310, Process: opera.exe)
22:15:27        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50329, Process: opera.exe)
22:16:08        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50390, Process: opera.exe)
22:16:32        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50434, Process: opera.exe)
22:17:12        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50462, Process: opera.exe)
22:17:37        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50463, Process: opera.exe)
22:19:06        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50529, Process: opera.exe)
22:19:06        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50530, Process: opera.exe)
22:19:14        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50533, Process: opera.exe)
22:19:14        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50534, Process: opera.exe)
22:19:14        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50538, Process: opera.exe)
22:20:51        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50544, Process: opera.exe)
22:20:51        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50547, Process: opera.exe)
22:21:47        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50583, Process: opera.exe)
23:03:36        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51305, Process: opera.exe)

2.
Code:

01:10:02        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51768, Process: opera.exe)
01:10:03        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51777, Process: opera.exe)
01:11:07        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51784, Process: opera.exe)
01:11:07        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51785, Process: opera.exe)
09:21:12        (null)        MESSAGE        Scheduled update executed successfully
09:26:01        ***        MESSAGE        Protection started successfully
09:26:05        ***        MESSAGE        IP Protection started successfully
09:26:06        ***        MESSAGE        IP Protection stopped
09:26:08        ***        MESSAGE        Database updated successfully
09:26:09        ***        MESSAGE        IP Protection started successfully
09:32:07        ***        MESSAGE        Protection started successfully
09:32:11        ***        MESSAGE        IP Protection started successfully
10:05:24        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 49832, Process: opera.exe)
10:05:25        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 49833, Process: opera.exe)
10:05:33        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 49846, Process: opera.exe)
10:05:33        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 49847, Process: opera.exe)
13:20:33        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50282, Process: opera.exe)
13:20:34        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50285, Process: opera.exe)
13:20:34        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50288, Process: opera.exe)
13:20:34        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50295, Process: opera.exe)
13:20:34        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50296, Process: opera.exe)
13:20:42        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50304, Process: opera.exe)
13:20:42        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50305, Process: opera.exe)
13:21:07        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50310, Process: opera.exe)
13:21:07        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50311, Process: opera.exe)
13:22:03        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50322, Process: opera.exe)
13:22:03        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50323, Process: opera.exe)
13:22:11        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50328, Process: opera.exe)
13:24:20        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50401, Process: opera.exe)
13:24:20        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50402, Process: opera.exe)
13:38:29        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50420, Process: opera.exe)
13:38:29        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50421, Process: opera.exe)
13:38:29        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50423, Process: opera.exe)
13:38:29        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 50424, Process: opera.exe)
15:09:00        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51385, Process: opera.exe)
15:09:01        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51392, Process: opera.exe)
15:09:09        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51397, Process: opera.exe)
15:09:41        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51407, Process: opera.exe)
15:09:41        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51408, Process: opera.exe)
15:09:57        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51413, Process: opera.exe)
15:09:57        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51414, Process: opera.exe)
15:12:53        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51450, Process: opera.exe)
15:26:14        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51566, Process: opera.exe)
15:26:14        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51567, Process: opera.exe)
19:07:48        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51845, Process: opera.exe)
19:07:48        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51847, Process: opera.exe)
19:07:56        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51848, Process: opera.exe)
19:07:56        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 51849, Process: opera.exe)
19:21:50        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52919, Process: opera.exe)
19:21:50        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52920, Process: opera.exe)

3.
Code:

02:18:15        ***        MESSAGE        Scheduled update executed successfully
02:18:17        ***        MESSAGE        IP Protection stopped
02:18:25        ***        MESSAGE        Database updated successfully
02:18:26        ***        MESSAGE        IP Protection started successfully
10:21:19        ***        MESSAGE        Protection started successfully
10:21:23        ***        MESSAGE        IP Protection started successfully
10:29:40        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 49376, Process: opera.exe)
10:29:40        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 49377, Process: opera.exe)
12:18:55        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 49935, Process: opera.exe)
12:18:55        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 49936, Process: opera.exe)
18:36:58        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52248, Process: opera.exe)
18:37:06        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52259, Process: opera.exe)
18:42:27        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52272, Process: opera.exe)
18:42:27        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52273, Process: opera.exe)
19:51:42        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 53320, Process: opera.exe)
19:51:42        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 53321, Process: opera.exe)

4.
Code:

02:18:12        ***        MESSAGE        Scheduled update executed successfully
02:18:13        ***        MESSAGE        IP Protection stopped
02:18:20        ***        MESSAGE        Database updated successfully
02:18:21        ***        MESSAGE        IP Protection started successfully
13:05:44        ***        MESSAGE        Protection started successfully
13:05:48        ***        MESSAGE        IP Protection started successfully


The MSE log is nowhere to be found; no idea where MSE stores its logs :( In the program folder I only find .bin files for scans.
The virus in question:

Trojan:Win32/Merdirt.A
Action taken: Removed. (23.07. - 14:58)
MSE had run a full scan, which certainly took 3 hours or even longer.

Thanks again! :knuddel:

edit: user account replaced with ***, admin account with *adm*. Damn, now I've replied to myself! That should have gone into an edit *headdesk*
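The four protection logs above are long, but almost every line is the same event: opera.exe blocked on the way to 213.131.252.251, plus a short burst to 85.183.254.9 and launcher.exe on port 3724. Malwarebytes' IP Protection blocks connections to addresses on its blacklist regardless of which process opens them, so the useful questions are which addresses, which processes, and whether anything was inbound, not how many lines there are. As an added example (not part of the thread and not Malwarebytes code), the script below parses IP-BLOCK lines of this format and groups them by process, address and direction. The sample lines are copied from the logs above; the assumption that a Port value at or above 49152 (the Vista/7 dynamic range) in an outgoing block is the local client port rather than the remote service port is mine, as is the choice of what to flag.

```python
"""Group Malwarebytes 1.x protection-log IP-BLOCK lines for triage.

Added example, not Malwarebytes code. Collapses a log full of repeated
IP-BLOCK lines into (process, address, direction) buckets with counts,
time span and the set of ports seen, then lists the buckets worth a
closer look.
"""
import re
from collections import defaultdict

# Copied from the protection logs posted above (account column masked "***").
SAMPLE_LOG = """\
18:43:46        ***        MESSAGE        Protection started successfully
18:51:44        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52084, Process: opera.exe)
18:51:44        ***        IP-BLOCK        213.131.252.251 (Type: outgoing, Port: 52085, Process: opera.exe)
20:05:23        ***        IP-BLOCK        62.45.185.123 (Type: outgoing, Port: 3724, Process: launcher.exe)
20:11:05        ***        IP-BLOCK        62.45.180.83 (Type: incoming, Port: 3724, Process: launcher.exe)
22:12:05        ***        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 49868, Process: opera.exe)
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<account>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>\w+),\s*"
    r"Port:\s*(?P<port>\d+),\s*Process:\s*(?P<process>[^)]+)\)$"
)

# Assumption: a Port value at or above 49152 (the Vista/7 dynamic range) is
# the local client port of an outgoing connection; anything lower is more
# likely the remote service port.
EPHEMERAL_START = 49152


def parse_ip_blocks(text):
    """Yield one dict per IP-BLOCK line; MESSAGE lines and noise are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["port"] = int(rec["port"])
            yield rec


def summarize(text):
    """Return {(process, ip, direction): {count, first, last, ports}}."""
    buckets = defaultdict(lambda: {"count": 0, "first": None, "last": None, "ports": set()})
    for rec in parse_ip_blocks(text):
        b = buckets[(rec["process"], rec["ip"], rec["direction"])]
        b["count"] += 1
        b["first"] = b["first"] or rec["time"]
        b["last"] = rec["time"]
        b["ports"].add(rec["port"])
    return dict(buckets)


def triage(summary):
    """Return plain-text observations for the buckets that deserve a closer look."""
    notes = []
    for (process, ip, direction), b in sorted(summary.items()):
        if direction == "incoming":
            notes.append(f"{ip} -> {process}: {b['count']} inbound block(s); "
                         f"check what {process} listens on")
        if any(p < EPHEMERAL_START for p in b["ports"]):
            notes.append(f"{process} <-> {ip}: port(s) {sorted(b['ports'])} look like "
                         f"service ports, not ephemeral client ports")
    return notes


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (process, ip, direction), b in sorted(s.items()):
        print(f"{process:14} {ip:16} {direction:9} {b['count']:3}x "
              f"{b['first']}-{b['last']} ports={sorted(b['ports'])}")
    for note in triage(s):
        print("!", note)
```

The grouping says nothing about what 213.131.252.251 is; the next step is a reverse lookup or whois of the address and a check of which site open in the browser session resolves to it. An outgoing block from a browser most often means a page element (ad host, tracker, embedded script) on a site the user opened landed on the blacklist; inbound blocks and blocks attributed to non-browser processes are the ones to look at first.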

cosinus 25.07.2011 12:56

Do you have the complete MSE log, and was anything else found besides Trojan:Win32/Merdirt.A?

Details like that are not enough; always post the complete information/logs from the virus scanners.

Are there any other Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.

Ivorya 25.07.2011 13:26

Hello Cosinus,

thank you very much for taking me on. Unfortunately I can't find the MSE logs. After some googling I found out that MSE apparently stores its logs here:
For Windows Vista and Windows 7:
c:\ProgramData\Microsoft\Microsoft Antimalware

But there, as I said, are only .bin files, and I can't do anything with those :( I can upload them if that's of any use to you, but I simply can't find any MSE log files in text form :killpc:

There is also an aborted mbam full scan from this weekend with the same result (i.e. no detection); my PC froze during it, since mbam and MSE apparently both have real-time protection and get in each other's way. I can post it after work.

The reported trojan was in a GetStyles.exe file, a supposed add-on for Firefox for personalisation that I downloaded a while ago. It already seemed suspicious to me after installation back then, and I uninstalled it, but apparently didn't delete the actual download exe.

I'm terribly sorry; if I knew where MSE stores these silly logs in a readable form, I'd attach them here :(

A few weeks ago MSE also found OpenCandy. Probably not malware, but adware. It's in quarantine.

I'll keep googling how to make these MSE logs "visible". :aufsmaul:

cosinus 25.07.2011 14:43

Does MSE show nothing in the History section either?

Ivorya 25.07.2011 16:39

Hello Cosinus,

The History lists Merdirt.A and Open Candy. I've now been able to find more details via the Event Viewer. There's apparently also a way to make the log visible via the command prompt, but... I'm evidently too dumb for that (path not found). :balla:

The History says:
at the top, in the title: Trojan:Win32/Merdirt.A - Alert level: Severe - Date: 23.07.11 14:58 - Action taken: Removed.

Further, in the details:

Code:

Category: Trojan

Description: This program is dangerous. It executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that might compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
containerfile:D:\Downloads\GetStyles.exe
file:D:\Downloads\GetStyles.exe->(nsis-3-redir.dll)

Get more information about this item online.

The Event Viewer says:
Code:

Microsoft Antimalware
 
  - EventID 1116

  [ Qualifiers]  0
 
  Level 3
 
  Task 0
 
  Keywords 0x80000000000000
 
  - TimeCreated

  [ SystemTime]  2011-07-23T12:48:42.000Z
 
  EventRecordID 202666
 
  Channel System
 
  Computer *Name*
 
  Security
 

- EventData

  %%860
  3.0.8107.0
  {124C1479-D571-4F2D-B251-97A6B79FC8A4}
  2011-07-23T12:48:12.471Z
   
   
  2147638350
  Trojan:Win32/Merdirt.A
  5
  Schwerwiegend
  8
  Trojaner
  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Merdirt.A&threatid=2147638350
  1
   
  1
  1
  %%815
  Unknown
  *PC Name*\*Benutzername*
   
  containerfile:_D:\Downloads\GetStyles.exe;file:_D:\Downloads\GetStyles.exe->(nsis-3-redir.dll)
  1
  %%845
  0
  %%812
  0
  %%822
  0
  9
  %%887
   
  0x00000000
  Der Vorgang wurde erfolgreich beendet. 
   
  0
  0
  No additional actions required
   
   
  AV: 1.109.181.0, AS: 1.109.181.0, NIS: 9.196.0.0
  AM: 1.1.7104.0, NIS: 2.0.5854.0

Attached are also two screenshots, one of the detail view of Merdirt.A and one of Open Candy (quarantined only). The OpenCandy detection was also from this weekend; I thought it was longer ago.

I have 3 mbam logs: 1 already posted, 1 aborted and one I had forgotten about. All without detections, all attached again. Other than that I have none. edit: one of the logs is a flash scan, I see now.

Does that help you in any way? It's rather silly that MSE doesn't keep easily accessible logs. :daumenrunter:
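MSE writes no text log; the .bin files under ProgramData are its own working data, and the detection record lives in the Windows event log (Channel System above) under the provider Microsoft Antimalware, event 1116 for "malware detected" and 1117 for "action taken". Event Viewer's raw view lists the EventData values positionally without names, which is exactly the column of values in the post. As an added example (not Microsoft code), the script below maps those values onto field names and pulls out what a helper actually needs: threat name, severity, the file path and which signature/engine version made the call. The field order is my reading of the Microsoft Antimalware / Windows Defender template for event 1116 and should be checked against the rendered message on the machine; the sample values are copied from the post above with host and user names left masked.

```python
"""Name the positional EventData values of a Microsoft Antimalware
"malware detected" event (ID 1116), as pasted from Event Viewer above.

Added example, not Microsoft code. The field order is my reading of the
Microsoft Antimalware / Windows Defender event template for ID 1116
(assumption: verify against the rendered message on the machine); the
sample values are copied from the post above (host and user masked).
"""

FIELDS_1116 = [
    "product_name", "product_version", "detection_id", "detection_time",
    "unused_1", "unused_2", "threat_id", "threat_name",
    "severity_id", "severity_name", "category_id", "category_name",
    "fwlink", "status_code", "status_description", "state",
    "source_id", "source_name", "process_name", "detection_user", "unused_3",
    "path", "origin_id", "origin_name", "execution_id", "execution_name",
    "type_id", "type_name", "pre_execution_status",
    "action_id", "action_name", "unused_4",
    "error_code", "error_description", "unused_5", "post_clean_status",
    "additional_actions_id", "additional_actions_string",
    "remediation_user", "unused_6", "signature_version", "engine_version",
]

# Severity IDs as used by the Defender engine (Low/Moderate/High/Severe).
SEVERITY = {1: "Low", 2: "Moderate", 4: "High", 5: "Severe"}

# The 42 EventData values from the post above, one per line in Event Viewer;
# blank lines become empty strings. "%%NNN" entries are message-table
# references that Event Viewer resolves to text in the rendered view.
SAMPLE_EVENT_1116 = [
    "%%860", "3.0.8107.0", "{124C1479-D571-4F2D-B251-97A6B79FC8A4}",
    "2011-07-23T12:48:12.471Z", "", "",
    "2147638350", "Trojan:Win32/Merdirt.A", "5", "Schwerwiegend", "8", "Trojaner",
    "hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Merdirt.A&threatid=2147638350",
    "1", "", "1", "1", "%%815", "Unknown", r"*PC Name*\*Benutzername*", "",
    r"containerfile:_D:\Downloads\GetStyles.exe;file:_D:\Downloads\GetStyles.exe->(nsis-3-redir.dll)",
    "1", "%%845", "0", "%%812", "0", "%%822", "0", "9", "%%887", "",
    "0x00000000", "Der Vorgang wurde erfolgreich beendet.", "", "0", "0",
    "No additional actions required", "", "",
    "AV: 1.109.181.0, AS: 1.109.181.0, NIS: 9.196.0.0",
    "AM: 1.1.7104.0, NIS: 2.0.5854.0",
]


def split_paths(path_field):
    """Split 'containerfile:_X;file:_Y->(Z)' into ['X', 'Y->(Z)'].

    The leading '_' is present in the raw data above but not in the rendered
    message; '->(name)' marks a component inside the outer file (here the
    NSIS installer) rather than the outer file itself.
    """
    out = []
    for part in path_field.split(";"):
        kind, _, value = part.partition(":")
        if kind and value:
            out.append(value.lstrip("_"))
    return out


def parse_event_1116(values):
    """Map the positional values onto named fields and decode a few of them."""
    if len(values) != len(FIELDS_1116):
        raise ValueError(f"expected {len(FIELDS_1116)} EventData values, got {len(values)}")
    rec = {name: value.strip() for name, value in zip(FIELDS_1116, values)}
    rec["paths"] = split_paths(rec["path"])
    sev = int(rec["severity_id"]) if rec["severity_id"].isdigit() else -1
    rec["severity"] = SEVERITY.get(sev, rec["severity_name"])
    rec["inside_archive"] = any("->(" in p for p in rec["paths"])
    return rec


def one_line(rec):
    """Compact summary of the detection for a forum post or ticket."""
    return (f"{rec['detection_time']} {rec['threat_name']} [{rec['severity']}] "
            f"in {rec['paths'][-1]} (category {rec['category_name']}, "
            f"signatures {rec['signature_version']})")


if __name__ == "__main__":
    print(one_line(parse_event_1116(SAMPLE_EVENT_1116)))
```

Two things the named fields make visible that the History view does not: the detected component is nsis-3-redir.dll packed inside the GetStyles.exe installer, not the outer executable, and the signature and engine versions record which definitions produced the verdict, which matters when asking whether an older scan could have missed it. On the machine itself the same events can be exported from Event Viewer or queried with wevtutil or Get-WinEvent filtered on provider Microsoft Antimalware and IDs 1116/1117.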

Ivorya 25.07.2011 17:35

I have to get back to you again, sorry: because of the freezing problems I followed this guide. So I reinstalled mbam, and unfortunately I can now no longer test the Pro version; it tells me my trial has expired :(

So I also can't give any updates on whether the "potentially dangerous websites or processes" still show up :( And I've only had that since the weekend :(

aaaah edit, oops, links aren't being linked. A guide on the Malwarebytes forum under Malwarebytes Forum -> Malwarebytes' Anti-Malware Support -> General Malwarebytes' Anti-Malware Forum -> "FAQ - Common Issues, Questions, and their Solutions". Mbam and MSE apparently collide because of the real-time protection.

cosinus 25.07.2011 18:43

Please also run ESET, then we'll see:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Ivorya 25.07.2011 22:16

Hello Cosinus,

Here's the ESET logfile
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=a12ec5b91ac4fe4e9201ce9fcd19e968
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-25 09:03:59
# local_time=2011-07-25 11:03:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 3985126 149149361 0 0
# compatibility_mode=8192 67108863 100 0 140 140 0 0
# scanned=265053
# found=1
# cleaned=0
# scan_time=11206
D:\Progz\Nero 8\Nero-8.3.2.1b_eng.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I

Looks so short?
A toolbar with old Nero? Nero hasn't caused me any problems so far.

cosinus 26.07.2011 08:38

You can ignore that detection; ESET only complained about the Nero setup because it contains an Ask toolbar, which normally gets installed along with it. So always pay attention with every setup that no junk toolbars or similarly pointless stuff gets installed alongside.


Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

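The /md5start ... /md5stop section above makes OTL print MD5 hashes of boot-critical binaries and storage drivers (userinit.exe, winlogon.exe, atapi.sys, iaStor.sys and the rest), because file-patching rootkits of that period, TDL3 among them, overwrote exactly these drivers in place, and a hash that differs from the known-good value for that Windows build is the tell. As an added example that is not OTL's code, the script below performs the same comparison against a saved baseline and reports modified, missing and unexpected files. The file names, contents, the "patch" and the baseline are constructed in a temporary directory for the demo; a real baseline has to come from a known-clean install of the same Windows build and patch level.

```python
"""Hash a list of system files and diff them against a known-good baseline.

Added example, not OTL code. Mirrors what OTL's /md5start ... /md5stop
section does: hash boot-critical binaries so a patched-in-place driver
stands out. Uses SHA-256 for a baseline you build yourself; pass
algo="md5" when comparing against published MD5 lists such as OTL's output.
"""
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256", chunk=1 << 16):
    """Digest of a file read in chunks (drivers are small, other targets are not)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_files(root, names, algo="sha256"):
    """Return {name: hex digest, or None when the file is absent}."""
    digests = {}
    for name in names:
        path = os.path.join(root, name)
        digests[name] = file_digest(path, algo) if os.path.isfile(path) else None
    return digests


def compare(current, baseline):
    """Classify every hashed file against the baseline.

    modified: present in both, digests differ (patched or replaced)
    missing:  in the baseline but absent now (deleted, or hidden from the reader)
    unknown:  hashed now but not in the baseline (no reference value yet)
    ok:       digest matches
    """
    report = {"modified": [], "missing": [], "unknown": [], "ok": []}
    for name, digest in current.items():
        if name not in baseline:
            report["unknown"].append(name)
        elif digest is None:
            report["missing"].append(name)
        elif digest != baseline[name]:
            report["modified"].append(name)
        else:
            report["ok"].append(name)
    return report


def demo():
    """Constructed scenario: four 'drivers'; the baseline is taken before one is
    patched and one deleted, and the fourth was never baselined."""
    names = ["atapi.sys", "userinit.exe", "winlogon.exe", "iaStor.sys"]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"clean image of " + name.encode())
        baseline = hash_files(root, names[:3])          # iaStor.sys left out on purpose
        with open(os.path.join(root, "atapi.sys"), "ab") as f:
            f.write(b"\x90" * 16)                          # simulate an in-place patch
        os.remove(os.path.join(root, "winlogon.exe"))      # simulate a missing file
        return compare(hash_files(root, names), baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:9} {files}")
```

Two caveats a hash check cannot paper over: a live kernel rootkit can hand the original bytes to a user-mode reader while the on-disk image is patched, so hashes taken from an offline boot medium are the trustworthy ones; and a baseline is only meaningful for the exact Windows build and patch level, which is why OTL prints the hashes and leaves the comparison to a helper with reference lists.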

Ivorya 26.07.2011 20:09

Hello Cosinus,

sorry, Tuesday is always a long day for me. Here's the OTL log:
OTL Logfile:
Code:

OTL logfile created on: 26.07.2011 20:36:04 - Run 2
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Ivory\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 63,10% Memory free
6,06 Gb Paging File | 5,10 Gb Available in Paging File | 84,09% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 47,27 Gb Free Space | 48,40% Space Free | Partition Type: NTFS
Drive D: | 352,64 Gb Total Space | 149,15 Gb Free Space | 42,30% Space Free | Partition Type: NTFS
 
Computer Name: *PcName*| User Name: *admin*| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ivory\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Progz\TomTom\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - D:\Progz\TomTom\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - D:\Progz\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - D:\Progz\Lotus\org6\organize\EasyClip6.exe (Lotus Development Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*User*\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TomTomHOMEService) -- D:\Progz\TomTom\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsle1d20c56) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0A0E521-FF6D-485F-8FF8-E6BB87DAB7AD}\MpKsle1d20c56.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (Egistec)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (AlfaFF) -- C:\Windows\system32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (mbmiodrvr) -- C:\Windows\System32\mbmiodrvr.sys (cansoft@livewiredev.com)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {662f5b27-1a14-48d4-b9b6-69b111d6cfde} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: D:\Progz\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Progz\Picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: D:\Progz\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Progz\Firefox\components [2011.06.21 17:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Progz\Firefox\plugins [2011.06.15 17:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: D:\Progz\Thunderbird\components [2011.07.14 18:39:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: D:\Progz\Thunderbird\plugins [2011.06.15 17:01:32 | 000,000,000 | ---D | M]
 
[2010.04.10 10:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caylee\AppData\Roaming\mozilla\Extensions
[2011.07.25 17:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caylee\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions
[2010.06.19 17:58:17 | 000,000,000 | ---D | M] ("Get Styles") -- C:\Users\Caylee\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.06.19 17:58:17 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\Caylee\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
File not found (No name found) --
() (No name found) -- C:\USERS\*admin*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YERQZ0L7.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA96}.XPI
[2009.12.04 15:43:41 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGZ\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.09 14:29:13 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGZ\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.22 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGZ\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.14 21:31:48 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGZ\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.06.21 18:26:27 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2010.07.24 09:49:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Progz\Lotus\org6\organize\iehelper.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {662F5B27-1A14-48D4-B9B6-69B111D6CFDE} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] D:\Progz\Samsung PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [TomTomHOME.exe] D:\Progz\TomTom\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - D:\Progz\Lotus\org6\organize\bandobjs.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Programme\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Caylee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Progz\Deamon\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: mwlDaemon - hkey= - key= - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - D:\Progz\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2366CF17-E8C1-55E3-E339-9302C47BF72A} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.mp4e - C:\Windows\System32\MPEG4Evfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.25 19:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.07.25 18:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.25 18:20:12 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.25 18:20:08 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.22 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\*admin*\AppData\Roaming\PC Suite
[2011.07.18 19:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung PC Studio 3
[2011.07.09 11:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.07.05 20:47:23 | 000,000,000 | ---D | C] -- C:\Users\*admin*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AudioCon v1.0
[2011.07.05 20:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioCon v1.0
[2011.07.05 20:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Basement Softworks
[2011.07.04 15:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung S5230 Wallpaper Creator
[2011.07.04 14:48:22 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\NPS
[2011.07.04 14:44:27 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\My Art
[2011.07.04 14:29:57 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2011.07.04 14:29:57 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2011.07.04 14:29:57 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2011.07.04 14:29:57 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2011.07.04 14:29:57 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2011.07.04 14:29:57 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2011.07.04 14:29:57 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2011.07.04 14:27:46 | 000,000,000 | ---D | C] -- C:\Users\*admin*\{65149495-887c-4e76-9c8d-9ecbdc826756}
[2011.07.04 14:24:13 | 000,000,000 | ---D | C] -- C:\Users\*admin*\{7b373682-0225-406a-8128-c221bf3aba21}
[2011.07.04 13:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011.07.04 13:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAnyContentSAFER
[2011.07.04 13:36:05 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2011.07.04 13:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.07.04 13:36:00 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011.07.04 13:35:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2011.07.04 13:34:29 | 000,238,952 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2011.07.04 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\My NPS Files
[2011.07.04 13:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2011.07.04 13:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011.07.04 13:21:53 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\SelfMV
[2011.07.04 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\*admin*\AppData\Local\Samsung
[2011.07.04 13:05:01 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\samsung
[2011.07.04 13:01:46 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.07.04 13:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011.07.04 13:00:33 | 000,000,000 | ---D | C] -- C:\Users\Caylee\AppData\Roaming\Samsung
[2011.07.04 13:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.03 19:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011.07.03 19:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011.07.03 19:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011.07.03 13:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Addon Mod
[2009.03.20 17:49:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.26 20:33:11 | 000,097,391 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.07.26 20:33:11 | 000,097,391 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.07.26 20:32:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.26 20:32:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 20:32:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 20:32:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.25 23:20:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.07.25 22:27:30 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.25 21:46:01 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.25 21:46:01 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.25 21:46:01 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.25 21:46:01 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.25 18:15:16 | 000,415,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.22 17:05:19 | 000,003,407 | ---- | M] () -- C:\Windows\wininit.ini
[2011.07.20 17:14:35 | 000,000,845 | ---- | M] () -- C:\Windows\ST4UNST.000
[2011.07.19 22:53:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.07.18 21:48:22 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.04 14:04:57 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.07.04 13:30:46 | 000,030,720 | ---- | M] () -- C:\Users\*admin*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.22 23:16:32 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.22 23:16:30 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.20 17:14:31 | 000,000,845 | ---- | C] () -- C:\Windows\ST4UNST.000
[2011.07.18 19:42:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.07.04 14:04:57 | 000,002,898 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.07.04 13:34:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.07.04 13:34:29 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.05 00:58:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.02 16:57:35 | 000,025,262 | ---- | C] () -- C:\Windows\System32\xfisk.ini
[2011.01.02 16:57:35 | 000,000,052 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2011.01.02 16:57:24 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2011.01.02 16:57:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2011.01.02 16:57:23 | 000,128,512 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011.01.02 16:57:23 | 000,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.11.19 20:16:31 | 000,141,968 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.08.23 19:56:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.07.18 22:25:14 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.04.29 20:08:39 | 000,055,860 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.11.30 17:13:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.11.27 18:33:02 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009.11.23 17:21:01 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.11.22 19:35:15 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.11.22 19:35:15 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.11.22 19:35:15 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.11.22 19:35:15 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.10.18 15:49:58 | 000,000,013 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.10.06 15:46:25 | 000,000,760 | ---- | C] () -- C:\Users\*admin*\AppData\Roaming\setup_ldm.iss
[2009.09.08 11:20:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.06 02:00:49 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2009.09.06 01:24:41 | 000,030,720 | ---- | C] () -- C:\Users\*admin*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.04 19:05:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.03 16:31:09 | 000,000,076 | ---- | C] () -- C:\Windows\ricdb.ini
[2009.09.03 16:31:08 | 000,000,027 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2009.08.31 15:20:11 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.31 15:20:11 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.30 16:20:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.30 16:20:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.29 18:40:46 | 000,000,000 | ---- | C] () -- C:\Users\*admin*\AppData\Roaming\wklnhst.dat
[2009.08.29 16:57:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.29 14:55:35 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009.08.29 14:55:35 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
[2009.08.29 14:00:44 | 000,001,356 | ---- | C] () -- C:\Users\*admin*\AppData\Local\d3d9caps.dat
[2009.08.29 01:35:42 | 000,003,407 | ---- | C] () -- C:\Windows\wininit.ini
[2009.08.28 23:47:26 | 000,024,064 | ---- | C] () -- C:\Users\*admin*\AppData\Roaming\UserTile.png
[2009.04.19 01:21:31 | 000,097,391 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.04.19 01:21:25 | 000,097,391 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.19 01:01:10 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.19 01:01:10 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.04.19 01:01:10 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.04.19 01:01:10 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.04.19 00:48:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.04.19 00:48:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.04.19 00:48:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.03.25 09:17:25 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.03.20 17:47:48 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN
[2009.03.20 17:47:48 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN
[2009.03.20 17:47:48 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN
[2009.03.20 17:47:48 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN
[2009.03.20 17:47:48 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN
[2009.03.20 10:48:26 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.03.20 10:48:26 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.03.20 10:48:26 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.03.20 09:38:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.28 12:32:40 | 000,950,272 | ---- | C] () -- C:\Windows\System32\MPEG4Evfw.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.11 14:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.09.09 11:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll
[2008.09.09 11:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.05.21 20:46:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.03.12 13:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2008.01.21 09:15:58 | 000,634,352 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,464 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,415,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,601,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,105,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998.01.13 13:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\System32\LOTRN13.DLL
 
========== LOP Check ==========
 
[2009.03.20 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Acer GameZone Console
[2011.06.03 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Alawar
[2009.09.06 10:58:10 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\avidemux
[2011.06.21 16:52:35 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Awem
[2009.11.22 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Blitware
[2009.08.29 20:32:40 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DAEMON Tools
[2011.07.22 23:20:34 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DAEMON Tools Lite
[2010.11.25 18:51:43 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\EleFun Games
[2009.09.03 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\foobar2000
[2011.02.18 01:30:00 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Friday's games
[2010.11.25 20:32:55 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\GameMill Entertainment
[2010.06.21 17:30:39 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Hansenet
[2009.10.06 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Leadertech
[2011.03.28 18:13:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\MobMapUpdater
[2011.03.26 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\NCH Swift Sound
[2009.08.28 22:58:04 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Opera
[2010.07.30 14:43:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Orneon
[2011.07.22 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PC Suite
[2010.08.22 00:48:22 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PeaceCraft2
[2009.08.28 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PeerNetworking
[2011.06.05 13:22:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PlayFirst
[2011.05.29 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PopCapv1006
[2009.08.29 19:48:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PowerCinema
[2010.08.17 16:18:14 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Princess Isabella
[2011.07.18 19:42:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Samsung
[2009.08.28 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\SoftDMA
[2009.08.29 18:42:17 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Template
[2010.04.09 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Thunderbird
[2010.08.21 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Top Evidence
[2009.08.29 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Trillian
[2009.11.30 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TSR
[2009.12.05 13:30:48 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TSRWorkshop
[2010.06.22 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TV-Browser
[2009.08.31 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Ubisoft
[2011.07.25 23:20:09 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.03.20 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Acer GameZone Console
[2009.08.28 20:40:49 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Adobe
[2011.06.03 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Alawar
[2009.09.06 10:58:10 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\avidemux
[2009.09.06 01:08:56 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\AVS4YOU
[2011.06.21 16:52:35 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Awem
[2009.11.22 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Blitware
[2010.10.30 19:37:56 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\CANON INC
[2009.08.28 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\CyberLink
[2009.08.29 20:32:40 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DAEMON Tools
[2011.07.22 23:20:34 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DAEMON Tools Lite
[2010.06.14 21:29:34 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DivX
[2010.11.25 18:51:43 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\EleFun Games
[2009.09.03 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\foobar2000
[2011.02.18 01:30:00 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Friday's games
[2010.11.25 20:32:55 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\GameMill Entertainment
[2010.06.21 17:30:39 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Hansenet
[2009.08.28 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Identities
[2009.10.06 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Leadertech
[2009.08.28 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Macromedia
[2010.01.17 02:50:22 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Media Center Programs
[2011.07.04 14:43:52 | 000,000,000 | --SD | M] -- C:\Users\*admin*\AppData\Roaming\Microsoft
[2011.03.28 18:13:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\MobMapUpdater
[2010.04.10 10:22:55 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Mozilla
[2011.03.26 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\NCH Swift Sound
[2009.09.03 00:58:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Nero
[2009.08.28 22:58:04 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Opera
[2010.07.30 14:43:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Orneon
[2011.07.22 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PC Suite
[2010.08.22 00:48:22 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PeaceCraft2
[2009.08.28 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PeerNetworking
[2011.06.05 13:22:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PlayFirst
[2011.05.29 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PopCapv1006
[2009.08.29 19:48:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PowerCinema
[2010.08.17 16:18:14 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Princess Isabella
[2011.04.23 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Realore_Whiterra Roads Of Rome 2
[2011.07.18 19:42:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Samsung
[2010.09.18 12:10:18 | 000,000,000 | RH-D | M] -- C:\Users\*admin*\AppData\Roaming\SecuROM
[2011.01.05 00:58:13 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Skype
[2009.08.28 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\SoftDMA
[2010.04.09 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Talkback
[2009.09.04 10:32:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\teamspeak2
[2009.08.29 18:42:17 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Template
[2010.04.09 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Thunderbird
[2010.08.21 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Top Evidence
[2009.08.29 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Trillian
[2009.11.30 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TSR
[2009.12.05 13:30:48 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TSRWorkshop
[2010.06.22 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TV-Browser
[2009.08.31 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Ubisoft
[2011.06.06 22:01:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\vlc
[2009.08.31 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\WinRAR
[2010.10.30 19:37:10 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2009.10.06 15:46:30 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\*admin*\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2009.08.29 20:48:46 | 000,010,134 | R--- | M] () -- C:\Users\*admin*\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.07.04 14:04:06 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\*admin*\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
[2008.06.03 05:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.06.03 05:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.06.03 05:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.06.03 05:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
[2009.08.29 01:36:45 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:E2CFA9CD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:397D67BA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0988A428
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:AEBFFE08
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:880F0FEF

< End of report >

--- --- ---


:)

edit: Oh, beaver poop, I didn't notice in your post that OTL.exe comes with instructions. So I used the "default settings", i.e. minimal output, and under "Extra Registry" I also didn't tick "Use SafeList" :(
Should / must I run it again?

cosinus 26.07.2011 21:00

That's fine.

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:E2CFA9CD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:397D67BA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0988A428
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:AEBFFE08
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:880F0FEF
:Commands
[purity]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely; as a safety measure a backup copy is created on the system partition in the "_OTL" folder.
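
An added example (my own code, not OTL's and not part of cosinus's script) that automates the two checks this fix rests on: it parses the "MD5 for:" blocks of the OTL report posted above and flags a System32 copy whose hash is unavailable or matches no WinSxS/DriverStore copy of the same file, and it pulls the Alternate Data Stream lines out of the report and rebuilds the ":OTL" fix block from them. The line formats are inferred from the lines in this thread (an assumption), and the sample input is constructed from those lines, with one hash replaced by an all-zero placeholder so the mismatch branch is exercised.

```python
"""OTL report triage: added example for this thread, not OTL's own code.

Parses the "< MD5 for: ... >" blocks and the Alternate Data Streams list of an
OTL report (formats inferred from the lines posted above; an assumption).
"""
import re
from collections import defaultdict

# Entry line, e.g. "[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=... -- C:\Windows\System32\user32.dll"
MD5_LINE = re.compile(
    r"^\[(?P<ts>[\d. :]+) \| (?P<size>[\d,]+) \| (?P<attr>[-\w]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$")
SECTION_HDR = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$")


def parse_md5_sections(report):
    """Map lower-cased file name -> list of {path, md5, size, company}; md5 is None when OTL could not hash."""
    sections, current = defaultdict(list), None
    for raw in report.splitlines():
        line = raw.strip()
        hdr = SECTION_HDR.match(line)
        if hdr:
            current = hdr.group("name").lower()
            continue
        if line.startswith("<"):  # any other custom-scan header ends the block
            current = None
            continue
        m = MD5_LINE.match(line)
        if current and m:
            md5 = m.group("md5")
            sections[current].append({"path": m.group("path"), "md5": md5.upper() if md5 else None,
                                      "size": int(m.group("size").replace(",", "")),
                                      "company": m.group("company")})
    return dict(sections)


def classify(path):
    """'reference' = WinSxS/DriverStore copy, 'live' = the System32 copy Windows loads, else 'other' (e.g. ERDNT backups)."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\" in p:
        return "reference"
    return "live" if "\\system32\\" in p else "other"


def check_live_copies(sections):
    """Flag a live copy whose hash is missing or matches no reference copy (a driver patched in place stops matching)."""
    findings = []
    for name, entries in sections.items():
        refs = {e["md5"] for e in entries if classify(e["path"]) == "reference" and e["md5"]}
        for e in entries:
            if classify(e["path"]) != "live":
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "hash unavailable (file locked); verify offline"))
            elif refs and e["md5"] not in refs:
                findings.append((name, e["path"], "hash matches no WinSxS/DriverStore copy"))
    return findings


def extract_ads(report):
    """Return [(path, stream, size)] from the Alternate Data Streams section."""
    return [(m.group("path"), m.group("stream"), int(m.group("size")))
            for m in (ADS_LINE.match(l.strip()) for l in report.splitlines()) if m]


def build_otl_fix(ads, reset_hosts=True):
    """Rebuild the ':OTL' fix block in the form cosinus posted above."""
    lines = [":OTL"] + [f"@Alternate Data Stream - {s} bytes -> {p}:{st}" for p, st, s in ads]
    lines += [":Commands", "[purity]"] + (["[resethosts]"] if reset_hosts else [])
    return "\n".join(lines)


# Constructed sample: lines copied from the report above, except that the live
# ws2ifsl.sys hash is replaced with an all-zero placeholder to exercise the
# mismatch branch (the real report showed matching hashes).
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.29 01:36:45 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:E2CFA9CD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:397D67BA
"""
```

To use it on a real report, read the saved OTL.txt into a string and pass it to parse_md5_sections and extract_ads. An "unavailable" hash, as for user32.dll in the report above, usually just means OTL could not read a file that was in use, so that finding is a prompt to verify the file by other means, not a verdict. On Windows 7 or later the streams themselves can be listed directly with PowerShell 3.0's Get-Item -Stream * parameter; the Vista machine in this thread predates that.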

Ivorya 27.07.2011 12:29

Hello Cosinus,
no sooner said than done:

Code:

========== OTL ==========
ADS C:\ProgramData\Temp:E2CFA9CD deleted successfully.
ADS C:\ProgramData\Temp:397D67BA deleted successfully.
ADS C:\ProgramData\Temp:4DDE401B deleted successfully.
ADS C:\ProgramData\Temp:0988A428 deleted successfully.
ADS C:\ProgramData\Temp:AEBFFE08 deleted successfully.
ADS C:\ProgramData\Temp:880F0FEF deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 07272011_132852

The computer was not restarted.

cosinus 27.07.2011 12:33

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Ivorya 27.07.2011 13:10

Here is the report:

Code:

2011/07/27 14:08:12.0349 4996        TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/27 14:08:12.0564 4996        ================================================================================
2011/07/27 14:08:12.0564 4996        SystemInfo:
2011/07/27 14:08:12.0564 4996       
2011/07/27 14:08:12.0564 4996        OS Version: 6.0.6002 ServicePack: 2.0
2011/07/27 14:08:12.0564 4996        Product type: Workstation
2011/07/27 14:08:12.0564 4996        ComputerName: *PcName*
2011/07/27 14:08:12.0564 4996        UserName: *admin*
2011/07/27 14:08:12.0564 4996        Windows directory: C:\Windows
2011/07/27 14:08:12.0564 4996        System windows directory: C:\Windows
2011/07/27 14:08:12.0564 4996        Processor architecture: Intel x86
2011/07/27 14:08:12.0564 4996        Number of processors: 2
2011/07/27 14:08:12.0564 4996        Page size: 0x1000
2011/07/27 14:08:12.0564 4996        Boot type: Normal boot
2011/07/27 14:08:12.0564 4996        ================================================================================
2011/07/27 14:08:13.0659 4996        Initialize success
2011/07/27 14:08:20.0197 4640        ================================================================================
2011/07/27 14:08:20.0197 4640        Scan started
2011/07/27 14:08:20.0197 4640        Mode: Manual;
2011/07/27 14:08:20.0197 4640        ================================================================================
2011/07/27 14:08:20.0817 4640        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/27 14:08:20.0867 4640        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/27 14:08:20.0892 4640        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/27 14:08:20.0917 4640        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/27 14:08:20.0972 4640        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/27 14:08:21.0042 4640        AF15BDA        (e5fa1b6ceb987b9d978e7d6e18f84268) C:\Windows\system32\drivers\AF15BDA.sys
2011/07/27 14:08:21.0092 4640        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/27 14:08:21.0137 4640        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/27 14:08:21.0167 4640        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/27 14:08:21.0207 4640        AlfaFF          (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\drivers\AlfaFF.sys
2011/07/27 14:08:21.0232 4640        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/27 14:08:21.0277 4640        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/27 14:08:21.0302 4640        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/27 14:08:21.0322 4640        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/27 14:08:21.0347 4640        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/07/27 14:08:21.0397 4640        ApfiltrService  (91b05bbb609c79d73e2332b6e5f99aea) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/27 14:08:21.0447 4640        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/27 14:08:21.0582 4640        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/27 14:08:21.0627 4640        ASPI            (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
2011/07/27 14:08:21.0657 4640        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/27 14:08:21.0702 4640        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/27 14:08:21.0752 4640        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/07/27 14:08:21.0807 4640        AVerAF15        (d99b2c8c5f2f6ef05590198b0fb4fa1a) C:\Windows\system32\Drivers\AVerAF15.sys
2011/07/27 14:08:21.0857 4640        b57nd60x        (7d06191c038836c6afe76eee7b2d0839) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/27 14:08:21.0912 4640        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/27 14:08:21.0962 4640        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/27 14:08:22.0027 4640        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/27 14:08:22.0057 4640        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/27 14:08:22.0077 4640        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/27 14:08:22.0107 4640        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/27 14:08:22.0127 4640        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/27 14:08:22.0142 4640        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/27 14:08:22.0157 4640        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/27 14:08:22.0207 4640        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/27 14:08:22.0237 4640        BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/27 14:08:22.0277 4640        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/27 14:08:22.0327 4640        BthPort        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/07/27 14:08:22.0362 4640        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/27 14:08:22.0407 4640        btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
2011/07/27 14:08:22.0432 4640        btwavdt        (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
2011/07/27 14:08:22.0457 4640        btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/27 14:08:22.0527 4640        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/27 14:08:22.0572 4640        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/27 14:08:22.0602 4640        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/27 14:08:22.0627 4640        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/27 14:08:22.0807 4640        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/27 14:08:22.0887 4640        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/27 14:08:22.0912 4640        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/27 14:08:22.0932 4640        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/27 14:08:22.0962 4640        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/27 14:08:23.0017 4640        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/27 14:08:23.0142 4640        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/27 14:08:23.0182 4640        DKbFltr        (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/07/27 14:08:23.0292 4640        DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/07/27 14:08:23.0377 4640        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/27 14:08:23.0437 4640        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/27 14:08:23.0482 4640        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/27 14:08:23.0532 4640        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/27 14:08:23.0572 4640        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/27 14:08:23.0627 4640        enecir          (c6fe855b5620e9c0c30bb808f24d3110) C:\Windows\system32\DRIVERS\enecir.sys
2011/07/27 14:08:23.0677 4640        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/27 14:08:23.0747 4640        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/27 14:08:23.0777 4640        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/27 14:08:23.0827 4640        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/27 14:08:23.0867 4640        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/27 14:08:23.0887 4640        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/27 14:08:23.0907 4640        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/27 14:08:23.0952 4640        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/27 14:08:24.0072 4640        FPSensor        (dff40790309c40d56d1cd5a9e8e5a5ce) C:\Windows\system32\Drivers\FPSensor.sys
2011/07/27 14:08:24.0142 4640        FsUsbExDisk    (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
2011/07/27 14:08:24.0187 4640        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/27 14:08:24.0217 4640        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/27 14:08:24.0325 4640        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/07/27 14:08:24.0357 4640        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/27 14:08:24.0388 4640        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/27 14:08:24.0419 4640        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/27 14:08:24.0450 4640        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/27 14:08:24.0481 4640        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/27 14:08:24.0528 4640        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/27 14:08:24.0575 4640        hwdatacard      (63b3eff36272787619c1e773ed581693) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/07/27 14:08:24.0622 4640        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/27 14:08:24.0653 4640        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/27 14:08:24.0684 4640        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/27 14:08:24.0715 4640        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/27 14:08:24.0745 4640        int15          (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
2011/07/27 14:08:24.0845 4640        IntcAzAudAddService (0c36a7de2b4e6ec301b98ae300547701) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/27 14:08:24.0928 4640        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/27 14:08:24.0959 4640        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/27 14:08:25.0021 4640        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/27 14:08:25.0068 4640        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/27 14:08:25.0099 4640        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/27 14:08:25.0115 4640        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/27 14:08:25.0131 4640        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/27 14:08:25.0162 4640        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/27 14:08:25.0177 4640        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/27 14:08:25.0193 4640        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/27 14:08:25.0255 4640        JMCR            (ddc2f92e0b24999d69b75307e2499095) C:\Windows\system32\DRIVERS\jmcr.sys
2011/07/27 14:08:25.0271 4640        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/27 14:08:25.0318 4640        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/27 14:08:25.0349 4640        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/27 14:08:25.0411 4640        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/07/27 14:08:25.0448 4640        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/07/27 14:08:25.0478 4640        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/27 14:08:25.0513 4640        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/07/27 14:08:25.0543 4640        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/27 14:08:25.0568 4640        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/27 14:08:25.0728 4640        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/27 14:08:25.0813 4640        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/27 14:08:25.0868 4640        LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/07/27 14:08:25.0908 4640        mbmiodrvr      (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
2011/07/27 14:08:25.0943 4640        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/27 14:08:25.0998 4640        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/27 14:08:26.0033 4640        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/27 14:08:26.0053 4640        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/27 14:08:26.0068 4640        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/27 14:08:26.0098 4640        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/27 14:08:26.0118 4640        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/27 14:08:26.0164 4640        MpFilter        (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/07/27 14:08:26.0211 4640        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/27 14:08:26.0320 4640        MpKsl7c0c5e35  (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13370541-F13C-45B8-AD6A-940F833F9788}\MpKsl7c0c5e35.sys
2011/07/27 14:08:26.0445 4640        MpNWMon        (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/07/27 14:08:26.0507 4640        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/27 14:08:26.0538 4640        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/27 14:08:26.0569 4640        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/27 14:08:26.0616 4640        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/27 14:08:26.0723 4640        mrxsmb10        (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/27 14:08:26.0743 4640        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/27 14:08:26.0783 4640        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/07/27 14:08:26.0818 4640        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/27 14:08:26.0858 4640        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/27 14:08:26.0893 4640        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/27 14:08:26.0918 4640        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/27 14:08:26.0953 4640        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/27 14:08:26.0973 4640        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/27 14:08:27.0023 4640        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/27 14:08:27.0048 4640        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/27 14:08:27.0068 4640        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/27 14:08:27.0093 4640        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/27 14:08:27.0133 4640        mwlPSDFilter    (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/07/27 14:08:27.0158 4640        mwlPSDNServ    (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/07/27 14:08:27.0183 4640        mwlPSDVDisk    (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/07/27 14:08:27.0233 4640        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/27 14:08:27.0283 4640        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/27 14:08:27.0328 4640        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/27 14:08:27.0353 4640        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/27 14:08:27.0403 4640        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/27 14:08:27.0433 4640        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/27 14:08:27.0463 4640        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/27 14:08:27.0498 4640        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/27 14:08:27.0618 4640        NETw5v32        (ddf0e12261d1e8e59f60e13c6e58fac9) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/07/27 14:08:27.0663 4640        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/27 14:08:27.0698 4640        NisDrv          (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/07/27 14:08:27.0738 4640        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/27 14:08:27.0768 4640        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/27 14:08:27.0813 4640        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/27 14:08:27.0883 4640        NTIDrvr        (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\Drivers\NTIDrvr.sys
2011/07/27 14:08:27.0928 4640        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/27 14:08:27.0953 4640        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/27 14:08:28.0188 4640        nvlddmkm        (dbec52785723580f8881832741ab8419) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/27 14:08:28.0263 4640        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/27 14:08:28.0283 4640        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/27 14:08:28.0318 4640        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/27 14:08:28.0398 4640        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/27 14:08:28.0433 4640        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/27 14:08:28.0453 4640        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/27 14:08:28.0478 4640        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/27 14:08:28.0513 4640        pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/07/27 14:08:28.0538 4640        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/27 14:08:28.0563 4640        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/07/27 14:08:28.0588 4640        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/27 14:08:28.0648 4640        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/27 14:08:28.0723 4640        PMEM            (2b85237f904c5bdf7ad386f0ede19bd3) C:\Windows\system32\drivers\pmemnt.sys
2011/07/27 14:08:28.0798 4640        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/27 14:08:28.0843 4640        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/27 14:08:28.0899 4640        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/27 14:08:28.0962 4640        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/27 14:08:28.0993 4640        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/27 14:08:29.0024 4640        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/27 14:08:29.0040 4640        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/27 14:08:29.0071 4640        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/27 14:08:29.0102 4640        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/27 14:08:29.0133 4640        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/27 14:08:29.0164 4640        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/27 14:08:29.0196 4640        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/27 14:08:29.0227 4640        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/27 14:08:29.0242 4640        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/27 14:08:29.0274 4640        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/27 14:08:29.0294 4640        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/27 14:08:29.0324 4640        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/27 14:08:29.0369 4640        RTHDMIAzAudService (4a8393f03cb2f40e08126d83916c5633) C:\Windows\system32\drivers\RtHDMIV.sys
2011/07/27 14:08:29.0394 4640        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/27 14:08:29.0434 4640        sdbus          (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/27 14:08:29.0459 4640        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/27 14:08:29.0484 4640        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/27 14:08:29.0509 4640        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/27 14:08:29.0539 4640        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/27 14:08:29.0594 4640        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/27 14:08:29.0619 4640        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/27 14:08:29.0649 4640        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/27 14:08:29.0674 4640        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/27 14:08:29.0699 4640        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/27 14:08:29.0729 4640        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/27 14:08:29.0764 4640        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/27 14:08:29.0814 4640        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/27 14:08:29.0849 4640        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/27 14:08:29.0894 4640        sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/07/27 14:08:29.0894 4640        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/07/27 14:08:29.0899 4640        sptd - detected LockedFile.Multi.Generic (1)
2011/07/27 14:08:29.0949 4640        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/27 14:08:29.0989 4640        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/27 14:08:30.0024 4640        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/27 14:08:30.0079 4640        ss_bbus        (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys
2011/07/27 14:08:30.0124 4640        ss_bmdfl        (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
2011/07/27 14:08:30.0179 4640        ss_bmdm        (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys
2011/07/27 14:08:30.0214 4640        StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/07/27 14:08:30.0274 4640        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/27 14:08:30.0304 4640        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/27 14:08:30.0324 4640        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/27 14:08:30.0354 4640        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/27 14:08:30.0399 4640        SynTP          (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/27 14:08:30.0482 4640        Tcpip          (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/07/27 14:08:30.0528 4640        Tcpip6          (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/27 14:08:30.0544 4640        tcpipreg        (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/27 14:08:30.0591 4640        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/27 14:08:30.0606 4640        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/27 14:08:30.0638 4640        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/27 14:08:30.0669 4640        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/27 14:08:30.0747 4640        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/27 14:08:30.0794 4640        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/27 14:08:30.0825 4640        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/27 14:08:30.0887 4640        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/27 14:08:30.0923 4640        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/07/27 14:08:30.0968 4640        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/27 14:08:31.0048 4640        UimBus          (86da1d98c84d914855a0f995e71cf7a8) C:\Windows\system32\DRIVERS\UimBus.sys
2011/07/27 14:08:31.0068 4640        Uim_IM          (76365ef3698285f7ee4f947765c7289a) C:\Windows\system32\Drivers\Uim_IM.sys
2011/07/27 14:08:31.0098 4640        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/27 14:08:31.0123 4640        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/27 14:08:31.0148 4640        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/27 14:08:31.0178 4640        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/27 14:08:31.0203 4640        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/27 14:08:31.0238 4640        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/27 14:08:31.0270 4640        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/27 14:08:31.0301 4640        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/27 14:08:31.0332 4640        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/27 14:08:31.0363 4640        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/27 14:08:31.0379 4640        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/07/27 14:08:31.0410 4640        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/27 14:08:31.0426 4640        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/27 14:08:31.0457 4640        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/27 14:08:31.0504 4640        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/27 14:08:31.0535 4640        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/27 14:08:31.0613 4640        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/27 14:08:31.0690 4640        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/27 14:08:31.0715 4640        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/27 14:08:31.0835 4640        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/27 14:08:31.0890 4640        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/27 14:08:31.0920 4640        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/27 14:08:31.0940 4640        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/27 14:08:31.0985 4640        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/27 14:08:32.0010 4640        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/27 14:08:32.0020 4640        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/27 14:08:32.0045 4640        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/27 14:08:32.0070 4640        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/27 14:08:32.0150 4640        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/27 14:08:32.0190 4640        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/27 14:08:32.0235 4640        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/27 14:08:32.0315 4640        {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/07/27 14:08:32.0360 4640        MBR (0x1B8)    (5586eabcc0d095db340d873e2b236896) \Device\Harddisk0\DR0
2011/07/27 14:08:32.0390 4640        Boot (0x1200)  (a0f2d91abe56871692340a0be611c4f6) \Device\Harddisk0\DR0\Partition0
2011/07/27 14:08:32.0415 4640        Boot (0x1200)  (a0026678b5b0682ef559f3f23a31627c) \Device\Harddisk0\DR0\Partition1
2011/07/27 14:08:32.0415 4640        ================================================================================
2011/07/27 14:08:32.0415 4640        Scan finished
2011/07/27 14:08:32.0415 4640        ================================================================================
2011/07/27 14:08:32.0425 2960        Detected object count: 1
2011/07/27 14:08:32.0425 2960        Actual detected object count: 1
2011/07/27 14:08:39.0352 2960        LockedFile.Multi.Generic(sptd) - User select action: Skip

1 suspicious file, obviously :(

edit: in the second step I didn't have the option to press "cure", there was only skip and then continue at the bottom.
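
To triage a TDSSKiller log like the one above without reading it line by line, here is an added Python example (not from this thread and not TDSSKiller's own code) that parses the driver records, the detection verdict line and the summary count, and builds a short review list of driver images loaded from outside the Windows directory. The sample lines are copied from the log above; the regular expressions, the function names and the "unusual location" heuristic are my assumptions about the format, not documented TDSSKiller behaviour.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the TDSSKiller log in this thread,
# enough to exercise every line type the parser below understands.
SAMPLE_LOG = r"""
2011/07/27 14:08:32.0070 4640        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/27 14:08:32.0315 4640        {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/07/27 14:08:32.0360 4640        MBR (0x1B8)    (5586eabcc0d095db340d873e2b236896) \Device\Harddisk0\DR0
2011/07/27 14:08:32.0415 4640        ================================================================================
2011/07/27 14:08:32.0415 4640        Scan finished
2011/07/27 14:08:32.0425 2960        Detected object count: 1
2011/07/27 14:08:32.0425 2960        Actual detected object count: 1
2011/07/27 14:08:39.0352 2960        LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# Assumed line layout (from the log above): "<date time> <pid> <name> (<md5>) <path>".
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"
ENTRY_RE = re.compile(
    r"^(?P<ts>" + TS + r")\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    + r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line: "<verdict>(<object>) - User select action: <action>".
DETECT_RE = re.compile(
    r"^(?P<ts>" + TS + r")\s+(?P<pid>\d+)\s+(?P<verdict>[\w.]+)\((?P<obj>[^)]+)\)"
    + r"\s+-\s+User select action:\s+(?P<action>\w+)\s*$"
)
COUNT_RE = re.compile(r"^" + TS + r"\s+\d+\s+Detected object count:\s*(\d+)\s*$")


@dataclass
class DriverEntry:
    timestamp: str
    pid: int
    name: str   # service name, or "MBR (0x1B8)" / "Boot (0x1200)" for sector records
    md5: str
    path: str


@dataclass
class Detection:
    verdict: str  # e.g. LockedFile.Multi.Generic
    obj: str      # e.g. sptd
    action: str   # e.g. Skip


def parse_entries(log: str) -> List[DriverEntry]:
    """Return every driver/sector record; lines of other types are ignored."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(DriverEntry(m["ts"], int(m["pid"]), m["name"],
                                       m["md5"].lower(), m["path"]))
    return entries


def parse_detections(log: str) -> List[Detection]:
    """Return the verdict lines written after the scan summary."""
    return [Detection(m["verdict"], m["obj"], m["action"])
            for m in (DETECT_RE.match(line) for line in log.splitlines()) if m]


def detected_count(log: str) -> Optional[int]:
    """Value of the 'Detected object count' summary line, or None if absent."""
    for line in log.splitlines():
        m = COUNT_RE.match(line)
        if m:
            return int(m.group(1))
    return None


def is_unusual_location(entry: DriverEntry) -> bool:
    """Heuristic (my assumption, not a TDSSKiller rule): anything that is neither a
    .sys file under \\Windows nor a raw \\Device\\ sector record goes on the review list."""
    p = entry.path.lower()
    if p.startswith("\\device\\"):
        return False
    if "\\windows\\" in p and p.endswith(".sys"):
        return False
    return True


def flag_unusual_locations(entries: List[DriverEntry]) -> List[DriverEntry]:
    return [e for e in entries if is_unusual_location(e)]


def triage(log: str) -> dict:
    """One-call summary: record count, summary count, verdicts and the review list."""
    entries = parse_entries(log)
    return {"entries": len(entries), "detected": detected_count(log),
            "detections": parse_detections(log),
            "review": flag_unusual_locations(entries)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} driver records, detected objects: {report['detected']}")
    for d in report["detections"]:
        print(f"  detection: {d.verdict}({d.obj}) -> action {d.action}")
    for e in report["review"]:
        print(f"  review: {e.name} {e.md5} {e.path}")
```

The review list is a shortlist for a human, not a verdict: on the sample it contains only the Acer PlayMovie `000.fcl` driver, and the single detection is the locked `sptd` driver that the reply below calls OK. The MD5 column is what you would feed to a hash lookup or compare against the vendor's file if an entry still looks odd after that.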

cosinus 27.07.2011 13:30

You can leave that, sptd is OK.


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Ivorya 27.07.2011 16:46

Hello Cosinus, here is the ComboFix log:

Code:

ComboFix 11-07-27.01 - *user* 27.07.2011  17:22:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3003.1631 [GMT 2:00]
ausgeführt von:: c:\users\*user*\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\msconfig.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\twain.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-06-27 bis 2011-07-27  ))))))))))))))))))))))))))))))
.
.
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\*user*\AppData\Local\temp
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\*user*\AppData\Local\temp
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\*user*\AppData\Local\temp
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\*user*\AppData\Local\temp
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-07-27 15:19 . 2011-07-27 15:20        --------        d-----w-        C:\32788R22FWJFW
2011-07-27 11:28 . 2011-07-27 11:28        --------        d-----w-        C:\_OTL
2011-07-26 18:43 . 2011-07-26 18:43        28752        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13370541-F13C-45B8-AD6A-940F833F9788}\MpKsl7c0c5e35.sys
2011-07-26 18:43 . 2011-07-13 03:39        6881616        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13370541-F13C-45B8-AD6A-940F833F9788}\mpengine.dll
2011-07-25 17:54 . 2011-07-25 17:54        --------        d-----w-        c:\program files\ESET
2011-07-25 16:20 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 16:20 . 2011-07-06 17:52        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-07-22 18:52 . 2011-04-21 13:55        508416        ----a-w-        c:\windows\system32\drivers\bthport.sys
2011-07-22 18:52 . 2009-06-17 13:23        30208        ----a-w-        c:\windows\system32\drivers\BTHUSB.SYS
2011-07-22 18:52 . 2011-04-20 15:55        375808        ----a-w-        c:\windows\system32\winsrv.dll
2011-07-22 18:52 . 2011-04-20 15:50        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2011-07-22 18:51 . 2011-06-02 13:34        2043392        ----a-w-        c:\windows\system32\win32k.sys
2011-07-22 18:49 . 2011-04-29 15:59        276992        ----a-w-        c:\windows\system32\schannel.dll
2011-07-22 18:45 . 2011-07-22 18:45        --------        d-----w-        c:\users\*user*\AppData\Roaming\PC Suite
2011-07-21 15:38 . 2011-07-21 15:38        --------        d-----w-        c:\users\*user*\AppData\Roaming\Boolat Games
2011-07-20 15:14 . 2002-03-25 16:44        722192        ----a-w-        c:\windows\system32\VB40032.DLL
2011-07-20 15:14 . 2002-03-25 16:44        60416        ----a-w-        c:\windows\ST4UNST.EXE
2011-07-20 15:14 . 2002-03-25 16:44        171520        ----a-w-        c:\windows\setup132.exe
2011-07-05 18:47 . 2011-07-05 18:47        --------        d-----w-        c:\program files\Basement Softworks
2011-07-05 17:55 . 2011-07-05 17:55        --------        d-----w-        c:\users\*user*\dwhelper
2011-07-04 13:22 . 2011-07-04 13:22        --------        d-----w-        c:\users\*user*\AppData\Local\Oleg_Zhuk
2011-07-04 12:29 . 2010-04-27 02:25        98432        ----a-w-        c:\windows\system32\drivers\ss_bbus.sys
2011-07-04 12:29 . 2010-04-27 02:25        14848        ----a-w-        c:\windows\system32\drivers\ss_bmdfl.sys
2011-07-04 12:29 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\ss_bcmnt.sys
2011-07-04 12:29 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\ss_bcm.sys
2011-07-04 12:29 . 2010-04-27 02:25        123648        ----a-w-        c:\windows\system32\drivers\ss_bmdm.sys
2011-07-04 12:29 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\ss_bwhnt.sys
2011-07-04 12:29 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\ss_bwh.sys
2011-07-04 12:27 . 2011-07-04 12:28        --------        d-----w-        c:\users\*user*\{65149495-887c-4e76-9c8d-9ecbdc826756}
2011-07-04 12:24 . 2011-07-04 12:24        --------        d-----w-        c:\users\*user*\{7b373682-0225-406a-8128-c221bf3aba21}
2011-07-04 12:15 . 2011-07-18 19:48        --------        d-----w-        c:\users\*user*\AppData\Roaming\Samsung
2011-07-04 11:48 . 2011-07-04 11:48        --------        d-----w-        c:\programdata\PC Suite
2011-07-04 11:48 . 2011-07-04 11:48        --------        d-----w-        c:\users\*user*\AppData\Roaming\PC Suite
2011-07-04 11:36 . 2007-05-02 14:31        90624        ----a-w-        c:\windows\system32\nmwcdcls.dll
2011-07-04 11:36 . 2011-07-04 12:34        --------        d-----w-        c:\program files\Samsung
2011-07-04 11:36 . 2007-09-17 13:53        21632        ----a-w-        c:\windows\system32\drivers\pccsmcfd.sys
2011-07-04 11:35 . 2011-07-18 17:40        --------        d-----w-        c:\windows\system32\Samsung_USB_Drivers
2011-07-04 11:34 . 2010-07-29 07:50        238952        ----a-w-        c:\windows\system32\FsUsbExService.Exe
2011-07-04 11:34 . 2010-06-14 00:32        36608        ----a-w-        c:\windows\system32\FsUsbExDisk.Sys
2011-07-04 11:34 . 2009-03-31 07:39        110592        ----a-w-        c:\windows\system32\FsUsbExDevice.Dll
2011-07-04 11:33 . 2011-07-04 11:35        --------        d-----w-        c:\program files\PC Connectivity Solution
2011-07-04 11:05 . 2011-07-25 16:05        --------        d-----w-        c:\users\*user*\AppData\Local\Samsung
2011-07-04 11:01 . 2011-06-07 09:13        4659712        ----a-w-        c:\windows\system32\Redemption.dll
2011-07-04 11:01 . 2011-07-04 11:01        --------        d-----w-        c:\program files\MarkAny
2011-07-04 11:00 . 2011-07-18 17:42        --------        d-----w-        c:\users\*user*\AppData\Roaming\Samsung
2011-07-04 11:00 . 2011-07-25 16:05        --------        d-----w-        c:\programdata\Samsung
2011-07-03 17:06 . 2011-07-03 17:06        --------        d-----w-        c:\programdata\TomTom
2011-07-03 17:06 . 2011-07-03 17:06        --------        d-----w-        c:\users\*user*\AppData\Roaming\TomTom
2011-07-03 17:06 . 2011-07-03 17:06        --------        d-----w-        c:\users\*user*\AppData\Local\TomTom
2011-07-03 17:06 . 2011-07-03 17:06        --------        d-----w-        c:\program files\TomTom International B.V
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 20:11 . 2011-05-17 20:06        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2011-06-10 19:47        6881616        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-07 09:13 . 2011-06-07 09:13        974848        ----a-w-        c:\windows\system32\cis-2.4.dll
2011-06-07 09:13 . 2011-06-07 09:13        81920        ----a-w-        c:\windows\system32\issacapi_bs-2.3.dll
2011-06-07 09:13 . 2011-06-07 09:13        65536        ----a-w-        c:\windows\system32\issacapi_pe-2.3.dll
2011-06-07 09:13 . 2011-06-07 09:13        57344        ----a-w-        c:\windows\system32\MTXSYNCICON.dll
2011-06-07 09:13 . 2011-06-07 09:13        57344        ----a-w-        c:\windows\system32\issacapi_se-2.3.dll
2011-06-07 09:13 . 2011-06-07 09:13        569344        ----a-w-        c:\windows\system32\muzdecode.ax
2011-06-07 09:13 . 2011-06-07 09:13        491520        ----a-w-        c:\windows\system32\muzapp.dll
2011-06-07 09:13 . 2011-06-07 09:13        49152        ----a-w-        c:\windows\system32\MaJGUILib.dll
2011-06-07 09:13 . 2011-06-07 09:13        45056        ----a-w-        c:\windows\system32\MaXMLProto.dll
2011-06-07 09:13 . 2011-06-07 09:13        40960        ----a-w-        c:\windows\system32\MTTELECHIP.dll
2011-06-07 09:13 . 2011-06-07 09:13        352256        ----a-w-        c:\windows\system32\MSLUR71.dll
2011-06-07 09:13 . 2011-06-07 09:13        24576        ----a-w-        c:\windows\system32\MASetupCleaner.exe
2011-06-07 09:13 . 2011-06-07 09:13        200704        ----a-w-        c:\windows\system32\muzwmts.dll
2011-06-07 09:13 . 2011-06-07 09:13        155648        ----a-w-        c:\windows\system32\MSFLib.dll
2011-06-07 09:13 . 2011-06-07 09:13        143360        ----a-w-        c:\windows\system32\3DAudio.ax
2011-06-07 09:13 . 2011-06-07 09:13        135168        ----a-w-        c:\windows\system32\muzaf1.dll
2011-06-07 09:13 . 2011-06-07 09:13        131072        ----a-w-        c:\windows\system32\muzmpgsp.ax
2011-06-07 09:13 . 2011-06-07 09:13        122880        ----a-w-        c:\windows\system32\muzeffect.ax
2011-06-07 09:13 . 2011-06-07 09:13        118784        ----a-w-        c:\windows\system32\MaDRM.dll
2011-06-07 09:13 . 2011-06-07 09:13        110592        ----a-w-        c:\windows\system32\muzmp4sp.ax
2011-06-07 09:13 . 2011-06-07 09:13        57344        ----a-w-        c:\windows\system32\MK_Lyric.dll
2011-06-07 09:13 . 2011-06-07 09:13        45056        ----a-w-        c:\windows\system32\MACXMLProto.dll
2011-06-07 09:13 . 2011-06-07 09:13        40960        ----a-w-        c:\windows\system32\MAMACExtract.dll
2011-06-07 09:13 . 2011-06-07 09:13        258048        ----a-w-        c:\windows\system32\muzoggsp.ax
2011-06-07 09:13 . 2011-06-07 09:13        245760        ----a-w-        c:\windows\system32\MSCLib.dll
2011-05-20 14:53 . 2011-01-01 15:27        0        ----a-w-        c:\windows\system32\ConduitEngine.tmp
2011-05-09 20:46 . 2011-06-09 14:58        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F43801EB-C9D0-4695-A163-5AF7793BDF79}\mpengine.dll
2011-05-04 02:52 . 2010-05-09 12:29        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-05-02 17:16 . 2011-06-14 19:43        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-14 19:43        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-14 19:43        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-14 19:42        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-14 19:42        79872        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-14 19:42        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2007-03-12 16:59 . 2007-03-12 16:59        299008        ----a-w-        c:\program files\navigram_register.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 11:05        40496        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="d:\progz\TomTom\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"AutoStartNPSAgent"="d:\progz\Samsung PC Studio\NPSAgent.exe" [2010-07-29 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-18 1430824]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-02-20 3553280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-23 204800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-12 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-12 153624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-24 13797920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\*user*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Start Extensions for Windows.lnk - d:\progz\Extensions\ExtensionsServer.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
Lotus Organizer EasyClip.lnk - d:\progz\Lotus\org6\organize\EASYCLIP6.EXE [2009-9-24 229433]
SetPointII.lnk - d:\progz\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^*user*^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\*user*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59        937920        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2009-03-11 13:19        156968        ------w-        c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
2009-04-11 17:31        249600        ----a-w-        c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-03-11 13:19        202024        ------w-        c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51        691656        ----a-w-        d:\progz\Deamon\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07        1828136        ----a-w-        c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2008-10-27 11:05        346672        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29        2221352        ----a-w-        d:\progz\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2009-03-05 12:29        173288        ------w-        c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
R1 MpKsl7bb49d39;MpKsl7bb49d39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DA789E0-8613-492F-B724-D376A8580856}\MpKsl7bb49d39.sys [x]
R1 MpKsla4d62049;MpKsla4d62049;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFBCA51B-1FA9-44D2-A35B-A10634187884}\MpKsla4d62049.sys [x]
R1 MpKslca0eafd4;MpKslca0eafd4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D4DB624-3B39-41B8-93F2-84B231F06D25}\MpKslca0eafd4.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-07-04 280448]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-02 79360]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-07-10 42608]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-28 721904]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-03-06 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2009-04-18 26928]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-29 238952]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-02-20 3440640]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 TomTomHOMEService;TomTomHOMEService;d:\progz\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-11-03 223232]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2005-12-18 57856]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-02-25 112992]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-30 3715072]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 90433341
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - MPKSL7C0C5E35
*NewlyCreated* - MPKSLE1D20C56
*Deregistered* - 90433341
*Deregistered* - MpKsle1d20c56
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:16]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - d:\progz\Lotus\org6\organize\bandobjs.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8079C50A-AF5F-4DA2-93C8-1A0A68874DBE}: NameServer = 213.191.74.19 62.109.123.197
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\*user*\AppData\Roaming\Mozilla\Firefox\Profiles\yerqz0l7.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{662f5b27-1a14-48d4-b9b6-69b111d6cfde} - (no file)
WebBrowser-{662F5B27-1A14-48D4-B9B6-69B111D6CFDE} - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-01_Simmental - d:\progz\Samsung PC Studio\USB Treiber\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\progz\Samsung PC Studio\USB Treiber\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\progz\Samsung PC Studio\USB Treiber\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\progz\Samsung PC Studio\USB Treiber\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\progz\Samsung PC Studio\USB Treiber\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\progz\Samsung PC Studio\USB Treiber\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\progz\Samsung PC Studio\USB Treiber\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\progz\Samsung PC Studio\USB Treiber\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\progz\Samsung PC Studio\USB Treiber\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\progz\Samsung PC Studio\USB Treiber\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - d:\progz\Samsung PC Studio\USB Treiber\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - d:\progz\Samsung PC Studio\USB Treiber\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - d:\progz\Samsung PC Studio\USB Treiber\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\progz\Samsung PC Studio\USB Treiber\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\progz\Samsung PC Studio\USB Treiber\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\progz\Samsung PC Studio\USB Treiber\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\progz\Samsung PC Studio\USB Treiber\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\progz\Samsung PC Studio\USB Treiber\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\progz\Samsung PC Studio\USB Treiber\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\progz\Samsung Kies\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\progz\Samsung Kies\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-27 17:30
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-59915249-1296444255-759154618-1000\Software\SecuROM\License information*]
"datasecu"=hex:f9,ad,25,23,a0,c3,c7,1c,3f,69,13,f0,f1,8c,6d,e0,65,2e,b9,24,f8,
  5c,9c,74,81,82,74,b2,7c,fb,04,ed,d4,b5,d2,03,25,d4,8b,45,37,4c,55,01,a5,60,\
"rkeysecu"=hex:31,65,33,ba,bb,a6,0b,9e,13,d7,17,df,5c,16,49,bc
.
[HKEY_USERS\S-1-5-21-59915249-1296444255-759154618-1002\Software\SecuROM\License information*]
"datasecu"=hex:f5,7f,ae,9b,85,ec,52,bc,96,41,1b,18,15,2f,0a,76,ef,2d,5d,2b,08,
  8e,1d,99,6f,1f,0b,86,e7,9f,32,72,82,aa,20,e2,cd,55,78,e8,be,fe,be,e7,f6,53,\
"rkeysecu"=hex:ca,20,22,7c,fa,ce,9a,c9,35,fd,ad,ef,e6,b9,49,f3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-07-27  17:32:34
ComboFix-quarantined-files.txt  2011-07-27 15:32
ComboFix2.txt  2010-07-24 07:54
.
Vor Suchlauf: 20 Verzeichnis(se), 53.538.922.496 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 53.535.100.928 Bytes frei
.
- - End Of File - - 7413378278DA3161862A5192893C38D6

I was able to close MSE via "End process", but ComboFix still grumbled about it and then carried on. Seems (?) to have worked.

cosinus 28.07.2011 09:47

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run even on the second attempt, simply skip it and run only OSAM - please skip the online lookup by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Ivorya 28.07.2011 12:56

Hello Cosinus,

attached are GMER and OSAM. I still have to do aswMBR, but I have to get back to the office now and will post that log later.

GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-28 13:23:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-22ZAT0 rev.01.01A01
Running: g8ds557p.exe; Driver: C:\Users\*user*\AppData\Local\Temp\uwloqpod.sys


---- System - GMER 1.0.15 ----

INT 0x62  ?                                                                                                                                            86923BF8
INT 0x72  ?                                                                                                                                            86923BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x82  ?                                                                                                                                            86923BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x92  ?                                                                                                                                            86923BF8
INT 0xB2  ?                                                                                                                                            84F24BF8
INT 0xB2  ?                                                                                                                                            84F24BF8
INT 0xB2  ?                                                                                                                                            84F24BF8
INT 0xB2  ?                                                                                                                                            84F24BF8
INT 0xB3  ?                                                                                                                                            86923BF8

---- Kernel code sections - GMER 1.0.15 ----

?        System32\Drivers\spau.sys                                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
.text    USBPORT.SYS!DllUnload                                                                                                                        8EF9241B 5 Bytes  JMP 869231D8
.text    avu3wjs1.SYS                                                                                                                                  8A5C3000 22 Bytes  [82, E3, 41, 82, 6C, E2, 41, ...]
.text    avu3wjs1.SYS                                                                                                                                  8A5C3017 137 Bytes  [00, 32, A7, 79, 80, 3D, A5, ...]
.text    avu3wjs1.SYS                                                                                                                                  8A5C30A1 43 Bytes  [30, 4F, 82, 74, 26, 49, 82, ...]
.text    avu3wjs1.SYS                                                                                                                                  8A5C30CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]
.text    avu3wjs1.SYS                                                                                                                                  8A5C30DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text    ...                                                                                                                                         
.text    C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                        section is writeable [0xAE850300, 0x3B6D8, 0xE8000020]
.text    C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                        section is writeable [0xAE8A4300, 0x1BEE, 0xE8000020]
.text    C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                        section is writeable [0xAE9BC000, 0x2892, 0xE8000020]
.vmp2    C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                        entry point in ".vmp2" section [0xAE9DF050]
?        C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                    Das System kann die angegebene Datei nicht finden. !
?        C:\Users\*user*\AppData\Local\Temp\catchme.sys                                                                                                Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text    C:\Windows\Explorer.EXE[1436] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                                                    75C4B37C 4 Bytes  [B0, 22, 00, 10] {MOV AL, 0x22; ADD [EAX], DL}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                    [806906D6] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                      [80690042] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                              [80690800] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                                    [806900C0] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                              [8069013E] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                            [8069FE9C] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortNotification]                                                                    CC358B04
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                  838A5E8F
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                  458B38C6
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                              A5A5A514
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                  100D8BA5
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                            5F8A5E60
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                  30810889
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortStallExecution]                                                                  54771129
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                10C25D5E
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortRequestCallback]                                                                8B55CC00
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                          084D8BEC
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                            0CF0918B
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                458B0000
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortMoveMemory]                                                                      8B108910
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                      000CF491
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                          04508900
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                            053C7980
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReadPortUshort]                                                                  560C558B
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                            C6127557
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortInitialize]                                                                      B18D0502
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                  00000CF8
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                              A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                        [72F77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                          [72FCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                      [72F7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                [72F6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                          [72F775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                      [72F6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                          [72FA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                              [72F7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                      [72F6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                      [72F6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                        [72F671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                [72FFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                  [72F9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                      [72F6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                [72F66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                              [72F6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                  [72F72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                  [10002480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                      [10001DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                [100027D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                  [10001290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT      C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2572] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [00B41210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                                        858C71F8
Device    \Driver\volmgr \Device\VolMgrControl                                                                                                          858C31F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                                              869FA500
Device    \Driver\usbehci \Device\USBPDO-2                                                                                                              869B21F8
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                                              869FA500
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                                                        858C31F8
Device    \Driver\usbehci \Device\USBPDO-7                                                                                                              869B21F8
Device    \Driver\sptd \Device\1268831978                                                                                                              spau.sys
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                                                        858C31F8
Device    \Driver\cdrom \Device\CdRom0                                                                                                                  869AE1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                  858C51F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                                            858C51F8
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                                            858C51F8
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                                            858C51F8
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                                            858C51F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                                                  858C51F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel0                                                                                                    858C61F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel1                                                                                                    858C61F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel4                                                                                                    858C61F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel5                                                                                                    858C61F8
Device    \Driver\volmgr \Device\HarddiskVolume3                                                                                                        858C31F8
Device    \Driver\cdrom \Device\CdRom1                                                                                                                  869AE1F8
Device    \Driver\volmgr \Device\HarddiskVolume4                                                                                                        858C31F8
Device    \Driver\netbt \Device\NetBt_Wins_Export                                                                                                      88BE61F8
Device    \Driver\PCI_PNP1773 \Device\00000078                                                                                                          spau.sys
Device    \Driver\netbt \Device\NetBT_Tcpip_{D934D041-87F7-4D29-8E54-3F06F391E598}                                                                      88BE61F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{59070B74-A9BA-4839-B4A8-49B99D46C801}                                                                      88BE61F8
Device    \Driver\Smb \Device\NetbiosSmb                                                                                                                88BBB1F8
Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                                            86F49500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                                              869FA500
Device    \Driver\usbehci \Device\USBFDO-2                                                                                                              869B21F8
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                                              869FA500
Device    \Driver\usbehci \Device\USBFDO-7                                                                                                              869B21F8
Device    \Driver\JMCR \Device\Scsi\JMCR1                                                                                                              869C81F8
Device    \Driver\JMCR \Device\Scsi\JMCR2                                                                                                              869C81F8
Device    \Driver\JMCR \Device\Scsi\JMCR3                                                                                                              869C81F8
Device    \Driver\avu3wjs1 \Device\Scsi\avu3wjs11Port9Path0Target0Lun0                                                                                  869CB1F8
Device    \Driver\JMCR \Device\Scsi\JMCR4                                                                                                              869C81F8
Device    \Driver\avu3wjs1 \Device\Scsi\avu3wjs11                                                                                                      869CB1F8
Device    \FileSystem\cdfs \Cdfs                                                                                                                        869811F8

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d@0017d5950b35                                                      0x6E 0x79 0xBC 0xD8 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d@e0a6709e7039                                                      0x25 0x68 0x79 0x13 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d@2013e033abd7                                                      0x43 0x9A 0xC6 0x7A ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                            771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                            285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                          D:\Progz\Deamon\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                        0x3C 0xD2 0xF4 0x02 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                  0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                              0xB5 0x32 0x20 0x17 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                               
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                          0xF9 0x9F 0x5F 0x81 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d (not active ControlSet)                                             
Reg      HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d@0017d5950b35                                                          0x6E 0x79 0xBC 0xD8 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d@e0a6709e7039                                                          0x25 0x68 0x79 0x13 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d@2013e033abd7                                                          0x43 0x9A 0xC6 0x7A ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                              D:\Progz\Deamon\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                            0x3C 0xD2 0xF4 0x02 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                               
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                      0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                  0xB5 0x32 0x20 0x17 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                           
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                              0xF9 0x9F 0x5F 0x81 ...

---- EOF - GMER 1.0.15 ----

OSAM:

OSAM Logfile:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:33:41 on 28.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files\Creative\AudioCS\CTAudCS.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - D:\Progz\Nero 8\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys
"AlfaFF" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\drivers\AlfaFF.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avu3wjs1" (avu3wjs1) - "Microsoft Corporation" - C:\Windows\system32\drivers\avu3wjs1.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\Users\*user*\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\Windows\system32\mbmiodrvr.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsl7bb49d39" (MpKsl7bb49d39) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DA789E0-8613-492F-B724-D376A8580856}\MpKsl7bb49d39.sys  (File not found)
"MpKsl932da868" (MpKsl932da868) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EC26FFF-04EF-4510-823E-7E257CF82CE0}\MpKsl932da868.sys
"MpKsla4d62049" (MpKsla4d62049) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFBCA51B-1FA9-44D2-A35B-A10634187884}\MpKsla4d62049.sys  (File not found)
"MpKslca0eafd4" (MpKslca0eafd4) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D4DB624-3B39-41B8-93F2-84B231F06D25}\MpKslca0eafd4.sys  (File not found)
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"PMEM" (PMEM) - "Microsoft Corporation" - C:\Windows\system32\drivers\pmemnt.sys
"Power Control [2009/04/19 01:16:11]" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - ? - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
"uwloqpod" (uwloqpod) - ? - C:\Users\*user*\AppData\Local\Temp\uwloqpod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{EC654325-1273-C2A9-2B7C-45D29BCE68FB} "Deskscapes" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "EgisTec Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\FPLaunchCache.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - D:\Progz\Nero 8\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Progz\WinRar\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{6E718D87-6909-4FCE-92D4-EDCB2F725727} "Navigram Control" - "Navigram" - C:\PROGRA~1\Navigram\NAVIGR~1\navigram.ocx / hxxp://www.navigram.com/engine/v1111/Navigram.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\Windows\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"Quick-Launch Area" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\PwdBank.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{85E0B172-04FA-11D1-B7DA-00A0C90348D6} "Web Entry" - ? - D:\Progz\Lotus\org6\organize\bandobjs.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{CE7C3CF0-4B15-11D1-ABED-709549C10000} "IEHlprObj Class" - ? - D:\Progz\Lotus\org6\organize\iehelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*user*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Lotus Organizer EasyClip.lnk" - "Lotus Development Corporation" - D:\Progz\Lotus\org6\organize\EASYCLIP6.EXE  (Shortcut exists | File exists)
"SetPointII.lnk" - "Logitech Inc." - D:\Progz\Logitech\SetPoint II\SetpointII.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - D:\Progz\Samsung PC Studio\NPSAgent.exe
"ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"TomTomHOME.exe" - "TomTom" - "D:\Progz\TomTom\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"EgisTecLiveUpdate" - "EgisTec Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"VitaKeyPdtWzd" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\PdtWzd.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"RICOH Language Monitor2" - "RICOH CO.,Ltd." - C:\Windows\system32\rc4mon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%systemroot%\system32\SearchIndexer.exe,-103" (WSearch) - ? - C:\Windows\system32\SearchIndexer.exe /Embedding  (File not found)
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
"EgisTec Service" (IGBASVC) - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\BASVC.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MyWinLocker Service" (MWLService) - "EgisTec Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - D:\Progz\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - D:\Progz\TomTom\TomTom HOME 2\TomTomHOMEService.exe

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

As I said, aswMBR will follow!

Ivorya 28.07.2011 15:26

So, here is aswMBR:

Code:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-28 13:36:55
-----------------------------
13:36:55.001    OS Version: Windows 6.0.6002 Service Pack 2
13:36:55.001    Number of processors: 2 586 0x170A
13:36:55.001    ComputerName: *PcName* UserName: *user*
13:36:56.598    Initialize success
13:38:14.063    AVAST engine defs: 11072800
13:38:35.877    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:38:35.882    Disk 0 Vendor: WDC_WD5000BEVT-22ZAT0 01.01A01 Size: 476940MB BusType: 3
13:38:36.642    Disk 0 MBR read successfully
13:38:36.642    Disk 0 MBR scan
13:38:36.647    Disk 0 unknown MBR code
13:38:37.352    Disk 0 scanning sectors +976771072
13:38:37.754    Disk 0 scanning C:\Windows\system32\drivers
13:39:55.087    Service scanning
13:39:55.811    Service MpKsl932da868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EC26FFF-04EF-4510-823E-7E257CF82CE0}\MpKsl932da868.sys **LOCKED** 32
13:39:55.816    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:39:55.876    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:39:56.426    Modules scanning
13:41:33.125    Disk 0 trace - called modules:
13:41:33.230    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x858c51f8]<<
13:41:33.245    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b54730]
13:41:33.260    3 CLASSPNP.SYS[8a7a58b3] -> nt!IofCallDriver -> [0x859d3390]
13:41:33.275    5 acpi.sys[805c16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8598eb98]
13:41:33.290    \Driver\atapi[0x85976b50] -> IRP_MJ_CREATE -> 0x858c51f8
13:41:34.105    AVAST engine scan C:\Windows
13:42:51.101    AVAST engine scan C:\Windows\system32
13:57:06.635    AVAST engine scan C:\Windows\system32\drivers
13:59:18.456    AVAST engine scan C:\Users\*user*
14:16:26.840    AVAST engine scan C:\ProgramData
14:30:23.140    Scan finished successfully
16:25:06.994    Disk 0 MBR has been saved successfully to "C:\Users\*user*\Desktop\MBR.dat"
16:25:06.994    The log file has been saved successfully to "C:\Users\*user*\Desktop\aswMBR.txt"

*curtsies*

cosinus 28.07.2011 15:40

Quote:

13:38:36.647 Disk 0 unknown MBR code
We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Vista?
If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from that CD).

If you have a regular Vista installation DVD, you don't need the image mentioned above; you can simply boot from the Vista DVD.

Click on Computer Repair Options, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD beforehand. After that, create new logs again with MBRCheck and, if possible, GMER.
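The MBR check that the post above turns on, as an added illustration that is not part of the thread and not code from aswMBR or the forum: a Python script that decodes a 512-byte MBR image such as the MBR.dat file aswMBR saved to the desktop, verifies the 0x55AA boot signature and the partition table, and hashes the boot-code bytes so they can be compared with a known-good reference, which is what a scanner's "unknown MBR code" verdict amounts to. The sample MBR, its partition values and the "known-good" hash are constructed here for the example; `build_sample_mbr`, `analyze_mbr` and `report` are hypothetical helper names, not aswMBR functions.

```python
"""Inspect a 512-byte MBR image such as the MBR.dat that aswMBR saves.

Added example for this thread, not a tool from the forum or from aswMBR.
The boot code (bytes 0..445) is hashed so it can be compared with a
known-good reference, e.g. before and after running bootrec /fixmbr.
The sample image and the reference hash below are constructed here and
stand in for a vendor-supplied known-good value.
"""
import hashlib
import struct
import sys
from pathlib import Path

MBR_SIZE = 512
BOOT_CODE_END = 446           # boot code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (status, type, LBA start, length)."""
    status = entry[0]
    ptype = entry[4]
    lba_start, sectors = struct.unpack_from("<II", entry, 8)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only; the partition table is excluded."""
    return hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest()


def analyze_mbr(mbr: bytes, known_good_hashes: set) -> dict:
    """Return the decoded partition table plus a list of defender-side findings."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    entries = [parse_partition_entry(mbr[PARTITION_TABLE_OFFSET + 16 * i:
                                         PARTITION_TABLE_OFFSET + 16 * (i + 1)])
               for i in range(4)]
    digest = boot_code_hash(mbr)
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if digest not in known_good_hashes:
        findings.append("boot code does not match any known-good reference")
    bootable = [e for e in entries if e["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    for e in entries:
        if e["type"] != 0 and e["sectors"] == 0:
            findings.append(f"partition type 0x{e['type']:02X} has zero length")
    return {"boot_code_sha256": digest, "partitions": entries, "findings": findings}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: given boot code, one bootable NTFS partition, signature."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    # status, CHS start, type 0x07 (NTFS), CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xFE\xFF\xFF", 2048, 976769024)
    table = entry + b"\x00" * 48       # three unused entries
    return code + table + BOOT_SIGNATURE


# Constructed "known-good" boot code and a modified variant standing in for
# boot code that a scanner would report as unknown.
GOOD_MBR = build_sample_mbr(b"\xEB\x3C\x90KNOWN-GOOD-BOOTCODE")
KNOWN_GOOD = {boot_code_hash(GOOD_MBR)}
SUSPECT_MBR = build_sample_mbr(b"\xEB\x3C\x90MODIFIED-BOOTCODE")


def report(mbr: bytes) -> list:
    """Findings for an MBR image against the constructed reference set."""
    return analyze_mbr(mbr, KNOWN_GOOD)["findings"]


if __name__ == "__main__":
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SUSPECT_MBR
    result = analyze_mbr(data, KNOWN_GOOD)
    print("boot code sha256:", result["boot_code_sha256"])
    for i, p in enumerate(result["partitions"]):
        if p["type"]:
            print(f"partition {i}: type=0x{p['type']:02X} bootable={p['bootable']} "
                  f"lba_start={p['lba_start']} sectors={p['sectors']}")
    for f in result["findings"] or ["no findings"]:
        print("-", f)
```

Run it with the path to an MBR.dat as the first argument; with no argument it analyses the constructed sample. Hashing a saved MBR before running bootrec /fixmbr and again afterwards shows whether the boot code actually changed, while the decoded partition table confirms the repair left the partition layout untouched.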

Ivorya 28.07.2011 17:49

Hello Cosinus,

my Vista is the only operating system and came preinstalled when I bought the laptop, so I don't have a recovery CD or DVD, but I believe Acer preinstalled something helpful along those lines for recovery, and if not that, then at least for backing up data.

But I'll only be able to do that at the weekend; tomorrow is the last day before my holiday and my desk is overflowing :D

As soon as it's done, I'll report back!

Ivorya 02.08.2011 08:55

Hello,

I've backed up all my data so far and now need to burn the ISO; for that I need blank discs, which I still have to get, as I don't have any at the moment. I'm leaving tonight for a week's holiday and will get back to you afterwards. Just wanted to let you know so you don't think I'm not following up.

Until then, have a nice week!



Copyright ©2000-2025, Trojaner-Board

