Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC crashes with a bluescreen halfway through ComboFix! (https://www.trojaner-board.de/93382-pc-stuerzt-combofix-haelfte-bluescreen-ab.html)

marble 01.12.2010 14:11

PC crashes with a bluescreen halfway through ComboFix!

Hello,

I hope I'm doing everything right here.

Problem description:

For a week I've had the problem that everything on my PC works, only the site kino.to doesn't load. Or rather it loads, but then stays blank...

I talked to others and they advised me to reinstall Firefox -> done! Even with a new profile.

Then I set up OpenDNS and cleared IE, Firefox and the DNS cache. But nothing happens.

Then I ran my antivirus program, then Malwarebytes and Spybot. None of them found anything.

Then I wanted to run ComboFix. I turned off the firewalls and the antivirus program. Started ComboFix and it ran.

The problem: after 5 minutes the PC crashed, a bluescreen appeared and Windows restarted!

I guess that's not how it's supposed to be. But now I don't know whether I really have something on my PC.
And I don't feel like formatting everything either!

Who can make something of this?

regards

cosinus 01.12.2010 20:35

Hello and :hallo:

Quote:

only the site kino.to doesn't load.

Be glad. kino.to is a well-known malware slinger. :pfeiff:

Quote:

then I wanted to run ComboFix

Why are you running ComboFix on your own initiative? You're only supposed to run it when instructed to - at least that's what it says everywhere here, in bold, impossible to miss! :balla:

Please do a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those too!

Then OTL:

System scan with OTL

Please download OTL from OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you'll find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

marble 01.12.2010 20:45

that's probably because I didn't read anywhere that ComboFix should only be run under supervision :rolleyes: I'm sorry!

I'll follow the instructions. But since I personally have no idea what I'm posting there, I'm relying entirely on your help...

marble 01.12.2010 21:36

here's the log file from Malwarebytes.

it looks a bit short to me though. is it right like this?

edit:
I don't know whether I should post it as an attachment.
I'd better just paste the text in here:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5228

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.12.2010 21:24:03
mbam-log-2010-12-01 (21-24-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 260009
Laufzeit: 42 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 01.12.2010 21:46

Malwarebytes found nothing? Nothing in all the previous scans either?

marble 01.12.2010 21:47

I wouldn't falsify the report!
there's nothing to be found in either report!

I also have the log files from OTL here.
what's the best way to post them?

cosinus 01.12.2010 21:54

Quote:

I wouldn't falsify the report!

I didn't say that either. I just wanted to know whether you have other (older) Malwarebytes logs that contained detections. I've seen it here so often that the people asking leave out such logs and I only get them when I ask, because something seems odd to me (i.e. massive problems but zero detections in the logs).

marble 01.12.2010 22:58

so I hope I'm doing this right now:

OTL
Code:

OTL logfile created on: 01.12.2010 21:39:35 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Users\...\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,92 Gb Total Space | 115,41 Gb Free Space | 51,54% Space Free | Partition Type: NTFS
Drive D: | 8,97 Gb Total Space | 8,88 Gb Free Space | 99,07% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\...\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe File not found
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (EagleNT) -- C:\Users\...~1\AppData\Local\Temp\EagleNT.sys File not found
DRV - (catchme) -- C:\Users\...~1\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (johci) -- C:\Windows\system32\DRIVERS\johci.sys (JMicron )
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (RTL2832U_IRHID) -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UUSB) -- C:\Windows\System32\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\System32\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (iscFlash) -- C:\swsetup\sp45138\iscflash.sys (Insyde Software)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 DC 68 71 89 DD CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.30 16:32:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.30 16:32:02 | 000,000,000 | ---D | M]
 
[2010.11.30 16:32:21 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2010.11.30 16:32:21 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tvicafjp.default\extensions
[2010.11.30 16:34:38 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\yqsjzsks.Christoph\extensions
[2010.11.30 16:32:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.11.06 21:46:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.01 21:09:42 | 000,001,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programme\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IR_SERVER] C:\Program Files\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: QuickLaunchEnabled = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kino.to ([]https in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programme\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.01 21:37:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2010.12.01 13:11:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.01 13:05:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.12.01 13:05:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.12.01 13:05:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.12.01 13:05:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.12.01 13:05:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.01 13:05:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.12.01 13:03:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.11.30 19:45:56 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.11.30 19:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.11.30 19:41:21 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes
[2010.11.30 19:41:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.30 19:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.30 19:41:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.30 19:41:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.30 13:18:01 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Intel
[2010.11.30 13:16:33 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2010.11.30 13:16:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Intel
[2010.11.30 13:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010.11.30 11:58:18 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.11.30 11:58:18 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.11.30 11:58:18 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.11.30 11:58:18 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.11.30 11:58:18 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.11.30 11:58:18 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.11.30 11:58:18 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll
[2010.11.30 11:58:18 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll
[2010.11.30 11:58:18 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2010.11.30 11:58:18 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.11.30 11:58:18 | 000,123,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010.11.30 11:58:18 | 000,065,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2010.11.30 11:58:18 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.11.30 11:58:18 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010.11.30 11:58:18 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.11.20 19:22:01 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010.11.20 11:26:39 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\biochemie
[2010.11.06 21:46:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.11.06 21:46:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.11.06 21:46:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.11.06 21:46:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.11.05 21:29:09 | 000,000,000 | ---D | C] -- C:\Programme\ICQ Update Patch
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.01 21:38:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2010.12.01 21:04:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.01 17:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.01 16:06:02 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.01 16:06:02 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.01 16:06:02 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.01 16:06:02 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.01 14:57:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.01 14:57:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.01 14:52:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.01 14:51:39 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.01 13:10:55 | 362,036,352 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.01 13:01:53 | 003,983,181 | R--- | M] () -- C:\Users\...\Desktop\ComboFix.exe
[2010.11.30 16:32:05 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.11.30 13:21:20 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2010.11.30 11:44:36 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2010.11.29 22:53:22 | 000,017,408 | ---- | M] () -- C:\Users\...\AppData\Local\WebpageIcons.db
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.25 22:15:39 | 155,752,448 | ---- | M] () -- C:\Users\...\Desktop\Windows Vista x64 Recovery Disc.iso
[2010.11.25 21:54:48 | 126,310,400 | ---- | M] () -- C:\Users\...\Desktop\Vista_Recovery_Disc_32.iso
[2010.11.22 20:26:09 | 000,010,524 | ---- | M] () -- C:\Users\...\Documents\..._Stdplan.xlsx
[2010.11.11 15:16:49 | 000,034,816 | ---- | M] () -- C:\Users\Public\Documents\Mietkürzung3.doc
[2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010.11.06 14:21:57 | 000,001,099 | ---- | M] () -- C:\Users\...\Desktop\ICQ Update Patch.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.01 13:10:55 | 362,036,352 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.01 13:05:49 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010.12.01 13:05:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.12.01 13:05:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.12.01 13:05:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.12.01 13:05:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.12.01 13:01:48 | 003,983,181 | R--- | C] () -- C:\Users\...\Desktop\ComboFix.exe
[2010.11.30 16:32:05 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.11.25 22:11:00 | 155,752,448 | ---- | C] () -- C:\Users\...\Desktop\Windows Vista x64 Recovery Disc.iso
[2010.11.25 21:51:00 | 126,310,400 | ---- | C] () -- C:\Users\...\Desktop\Vista_Recovery_Disc_32.iso
[2010.11.11 15:16:16 | 000,034,816 | ---- | C] () -- C:\Users\Public\Documents\Mietkürzung3.doc
[2010.11.05 21:29:10 | 000,001,099 | ---- | C] () -- C:\Users\...\Desktop\ICQ Update Patch.lnk
[2010.09.18 20:54:19 | 000,127,085 | ---- | C] () -- C:\Windows\System32\RTKFMSOURCE.dll
[2010.09.17 19:07:30 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.08.21 14:58:32 | 000,000,084 | ---- | C] () -- C:\Windows\ktel.ini
[2010.07.25 20:41:46 | 000,003,584 | ---- | C] () -- C:\Users\...\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.07 16:47:34 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2010.04.19 19:02:47 | 000,000,000 | ---- | C] () -- C:\Windows\iSnooker.INI
[2010.04.16 22:59:09 | 000,017,408 | ---- | C] () -- C:\Users\...\AppData\Local\WebpageIcons.db
[2010.04.16 22:09:51 | 000,000,000 | ---- | C] () -- C:\Users\...\AppData\Local\QSwitch.txt
[2010.04.16 22:09:51 | 000,000,000 | ---- | C] () -- C:\Users\...\AppData\Local\DSwitch.txt
[2010.04.16 22:09:51 | 000,000,000 | ---- | C] () -- C:\Users\...\AppData\Local\AtStart.txt
[2009.12.03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.01 04:31:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.01.14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006.03.09 08:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

< End of report >
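Reading an OTL file listing by hand is error-prone, and the "No Company Name" section above mixes files ComboFix itself dropped into C:\Windows (PEV.exe, sed.exe, grep.exe, zip.exe, MBR.exe, created seconds after C:\ComboFix at 13:05:42) with older unexplained binaries. The following parser is an added example, not code from the thread, from OTL, or from ComboFix: it parses the bracketed OTL line format and sorts entries into cleaning-tool artifacts, items an analyst should review, and the rest. The function names, the 120-second window around the tool's folder creation, and the rule that a missing company name on an executable under C:\Windows merits review are my assumptions; the sample lines are copied from the log above.

```python
import re
from datetime import datetime, timedelta

# One OTL file line: [timestamp | size | attributes | C=created/M=modified] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

SYSTEM_DIRS = ("c:\\windows\\",)                      # where unexplained binaries matter most
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")   # loadable / executable file types

# Constructed sample: lines copied from the OTL log above, plus the
# "[1 C:\Windows\*.tmp files ...]" summary line that a parser must tolerate.
SAMPLE_LOG = r"""
[2010.12.01 13:05:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.12.01 13:05:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.12.01 13:05:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.12.01 13:05:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.01 13:05:49 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010.12.01 13:05:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.12.01 13:05:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.11.06 21:46:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.18 20:54:19 | 000,127,085 | ---- | C] () -- C:\Windows\System32\RTKFMSOURCE.dll
[2009.09.01 04:31:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""


def parse_line(line):
    """Return a dict for a well-formed OTL file line, or None for anything else
    (section headers, the *.tmp summary line, blank lines)."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attr": m.group("attr"),
        "kind": m.group("kind"),
        "company": (m.group("company") or "").strip(),
        "path": m.group("path").strip(),
    }


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def tool_window(entries, marker_path=r"C:\ComboFix", seconds=120):
    """Locate the cleaning tool's own working folder (assumed marker); files that
    appear under C:\\Windows within `seconds` of it are the tool's helpers."""
    for e in entries:
        if e["path"].lower() == marker_path.lower() and "D" in e["attr"]:
            return e["ts"], e["ts"] + timedelta(seconds=seconds)
    return None


def classify(entry, window):
    p = entry["path"].lower()
    in_sysdir = p.startswith(SYSTEM_DIRS)
    if window and in_sysdir and window[0] <= entry["ts"] <= window[1]:
        return "tool-artifact"
    # A company name comes from the version resource and can be forged, so it is
    # only a weak signal; its absence on a system-directory binary just means "look".
    if in_sysdir and p.endswith(EXEC_EXT) and not entry["company"]:
        return "review"
    return "ok"


def triage(text):
    """Group every parsed entry by category, preserving log order."""
    entries = parse_log(text)
    window = tool_window(entries)
    out = {"tool-artifact": [], "review": [], "ok": []}
    for e in entries:
        out[classify(e, window)].append(e["path"])
    return out


if __name__ == "__main__":
    for category, paths in triage(SAMPLE_LOG).items():
        print(category)
        for p in paths:
            print("   ", p)
```

Without the C:\ComboFix marker line the same input would put MBR.exe and PEV.exe into "review", which is exactly the trap a reader of the raw log falls into; the "review" bucket here is a starting point for checking signatures and hashes, not a verdict.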


marble 01.12.2010 22:58

Extras:
Code:

OTL Extras logfile created on: 01.12.2010 21:39:35 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Users\...\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,92 Gb Total Space | 115,41 Gb Free Space | 51,54% Space Free | Partition Type: NTFS
Drive D: | 8,97 Gb Total Space | 8,88 Gb Free Space | 99,07% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0E9905FD-6D7A-4506-BF99-8928F38F105F}_is1" = ICQ 6.5 Build #2024 Banner Remover 1.0
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.8
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi-Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.6
"{82A7004C-CDA5-40F1-A086-6D8BCE7C5DB0}" = ArcSoft TotalMedia 3.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A154D6D-13D6-4CA1-BB3A-E792C18DACBF}" = SCR3xxx Smart Card Reader
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9DE65670-8B16-44DA-9E93-EE684153E7CB}" = klickTel OEM 2008
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{a1823704-14b2-4764-a264-a2e618f4c862}" = Nero 9
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DF5A8D64-0B50-46D7-B85D-E66CE690092C}" = WOT für Internet Explorer
"{E06F91DB-9DA5-41F9-9941-6B0802236A44}" = RUBICon
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DriverEasy_is1" = DriverEasy 3.0.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 2.20
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"iSnooker" = iSnooker
"JkDefragGUI 1.16" = JkDefragGUI 1.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nokia Ovi Suite" = Nokia Ovi Suite
"ProInst" = Intel PROSet Wireless
"Samsung ML-1610 Series" = Samsung ML-1610 Series
"ShotOnline" = ShotOnline
"SopCast" = SopCast 3.2.9
"SpeedFan" = SpeedFan (remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.5.2.2
"Veetle TV" = Veetle TV 0.9.18
"Veoh Web Player Beta" = Veoh Web Player
"vShare" = vShare Plugin
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.11.2010 16:14:51 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.11.2010 16:14:51 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2242592
 
Error - 22.11.2010 16:14:51 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2242592
 
Error - 22.11.2010 17:36:31 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Easeware\drivereasy\amd64\dpinst.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.11.2010 08:29:56 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667,
 Zeitstempel: 0x4c7dc5a1  Name des fehlerhaften Moduls: nvd3dum.dll, Version: 8.17.12.5721,
 Zeitstempel: 0x4c0d6f2f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00351943  ID des fehlerhaften
 Prozesses: 0xd3c  Startzeit der fehlerhaften Anwendung: 0x01cb8c9c76bbe9c8  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe  Pfad
des fehlerhaften Moduls: C:\Windows\system32\nvd3dum.dll  Berichtskennung: b5b30a88-f88f-11df-8c61-001e68e9fb06
 
Error - 26.11.2010 05:17:01 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667,
 Zeitstempel: 0x4c7dc5a1  Name des fehlerhaften Moduls: nvd3dum.dll, Version: 8.17.12.5721,
 Zeitstempel: 0x4c0d6f2f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00351943  ID des fehlerhaften
 Prozesses: 0xdbc  Startzeit der fehlerhaften Anwendung: 0x01cb8d4aacfeed1d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe  Pfad
des fehlerhaften Moduls: C:\Windows\system32\nvd3dum.dll  Berichtskennung: eccfa086-f93d-11df-8ba9-001e68e9fb06
 
Error - 26.11.2010 10:05:12 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Easeware\drivereasy\amd64\dpinst.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.11.2010 05:48:29 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Easeware\drivereasy\amd64\dpinst.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.11.2010 14:00:01 | Computer Name = PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 30.11.2010 10:36:16 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Easeware\drivereasy\amd64\dpinst.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 26.07.2010 07:29:13 | Computer Name = PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 47.
 
Error - 26.07.2010 07:29:14 | Computer Name = PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 47.
 
Error - 26.07.2010 07:29:14 | Computer Name = PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 47.
 
Error - 26.07.2010 07:29:14 | Computer Name = PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 47.
 
Error - 26.07.2010 07:29:14 | Computer Name = PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 47.
 
Error - 26.07.2010 07:32:25 | Computer Name = PC | Source = SCardSvr | ID = 610
Description =
 
Error - 30.07.2010 04:07:51 | Computer Name = PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.07.2010 04:07:51 | Computer Name = PC | Source = DCOM | ID = 10016
Description =
 
Error - 02.08.2010 08:10:36 | Computer Name = PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 02.08.2010 13:04:42 | Computer Name = PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >


marble 01.12.2010 23:05

Strange... I didn't do anything and the site is running perfectly again!

But maybe you can still take a look at whether something is wrong?

cosinus 02.12.2010 12:39

Quote:

Strange... I didn't do anything and the site is running perfectly again!
That doesn't change the fact that kino.to is a malware slinger and should not be visited!
Do you still have the log from combofix?

marble 02.12.2010 14:23

I have the feeling that the tone here is getting sharper...

But no, I have nothing from combofix. During the run it crashed at about the halfway point and restarted!
Or rather, if I should have something, I wouldn't know where it is stored.

cosinus 02.12.2010 15:11

Quote:

I have the feeling that the tone here is getting sharper...
Why? It's not my fault that kino.to is a sleazy site on the edge of legality!


Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
DRV - (EagleNT) -- C:\Users\...~1\AppData\Local\Temp\EagleNT.sys File not found
DRV - (catchme) -- C:\Users\...~1\AppData\Local\Temp\catchme.sys File not found
O4 - HKCU..\Run: []  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

marble 02.12.2010 17:42

What about the antivirus program and the firewall? Turn them off or not?

cosinus 02.12.2010 19:17

What else do you understand by "other programs"? :rolleyes:
At least deactivate the virus scanner.

marble 03.12.2010 11:25

Code:

All processes killed
========== OTL ==========
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File  C:\Users\...~1\AppData\Local\Temp\EagleNT.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File  C:\Users\...~1\AppData\Local\Temp\catchme.sys File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: ...
->Temp folder emptied: 1881344 bytes
->Temporary Internet Files folder emptied: 34047041 bytes
->Java cache emptied: 8010071 bytes
->FireFox cache emptied: 82974388 bytes
->Apple Safari cache emptied: 13346816 bytes
->Flash cache emptied: 5870 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 14913 bytes
 
Total Files Cleaned = 134,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 12032010_111334

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


But now the scroll function of my touchpad no longer works... how can that be?

marble 03.12.2010 11:37

I just installed the latest driver from HP for my touchpad, but my scroll function no longer works... help

cosinus 03.12.2010 12:26

Try CF again, but strictly according to these instructions!

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

marble 03.12.2010 21:52

Code:

ComboFix 10-12-02.06 - ... 03.12.2010  21:38:31.2.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3069.2166 [GMT 1:00]
Running from: c:\users\...\Desktop\confi.exe
.

(((((((((((((((((((((((  Files Created From 2010-11-03 to 2010-12-03  ))))))))))))))))))))))))))))))
.

2010-12-03 20:43 . 2010-12-03 20:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-12-03 20:10 . 2010-12-03 20:10        --------        d-----w-        c:\program files\Synaptics
2010-12-03 10:27 . 2010-12-03 10:27        --------        d-----w-        c:\program files\HP
2010-12-03 10:13 . 2010-12-03 10:13        --------        d-----w-        C:\_OTL
2010-12-03 10:03 . 2010-12-03 20:43        --------        d-----w-        c:\users\...\AppData\Local\temp
2010-12-03 09:55 . 2010-12-03 20:37        --------        d-----w-        C:\ComboFix
2010-12-03 09:52 . 2010-11-10 04:33        6273872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F401FEA7-D244-4947-A548-4BA2BC6C01D7}\mpengine.dll
2010-12-02 11:44 . 2010-12-02 11:45        --------        d-----w-        c:\program files\DivX
2010-12-02 10:52 . 2009-07-19 15:03        497664        ----a-w-        c:\windows\system32\ac3filter.acm
2010-12-02 10:52 . 2010-12-02 10:52        --------        d-----w-        c:\program files\AC3Filter
2010-11-30 18:45 . 2010-12-03 19:48        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-11-30 18:45 . 2010-11-30 18:46        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-11-30 18:41 . 2010-11-30 18:41        --------        d-----w-        c:\users\...\AppData\Roaming\Malwarebytes
2010-11-30 18:41 . 2010-11-30 18:41        --------        d-----w-        c:\programdata\Malwarebytes
2010-11-30 18:41 . 2010-11-29 16:42        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 18:41 . 2010-11-30 18:41        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-11-30 18:41 . 2010-11-29 16:42        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-30 12:18 . 2010-11-30 12:18        --------        d-----w-        c:\users\...\AppData\Roaming\Intel
2010-11-30 12:16 . 2010-11-30 12:16        --------        d-----w-        c:\program files\Cisco
2010-11-30 12:16 . 2010-11-30 12:16        --------        d-----w-        c:\program files\Common Files\Intel
2010-11-30 12:16 . 2010-11-30 12:16        --------        d-----w-        c:\programdata\Intel
2010-11-30 10:58 . 2010-10-16 18:55        888424        ----a-w-        c:\windows\system32\nvdispco322050.dll
2010-11-30 10:58 . 2010-10-16 18:55        813672        ----a-w-        c:\windows\system32\nvgenco322030.dll
2010-11-30 10:58 . 2010-09-07 20:09        26216        ----a-w-        c:\windows\system32\nvhdap32.dll
2010-11-30 10:58 . 2010-09-07 20:09        65640        ----a-w-        c:\windows\system32\nvapo32v.dll
2010-11-30 10:58 . 2010-09-07 20:08        123496        ----a-w-        c:\windows\system32\drivers\nvhda32v.sys
2010-11-30 10:58 . 2010-09-07 20:08        813672        ----a-w-        c:\windows\system32\nvgenco32.dll
2010-11-20 18:22 . 2010-11-20 18:22        --------        d-----w-        c:\program files\Veetle
2010-11-06 20:46 . 2010-11-06 20:46        --------        d-----w-        c:\program files\Common Files\Java
2010-11-06 20:46 . 2010-09-15 03:50        472808        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-06 10:37 . 2010-11-06 10:37        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37        103864        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-11-05 20:29 . 2010-11-05 20:29        --------        d-----w-        c:\program files\ICQ Update Patch

.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-14 02:21        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-09-29 16:47 . 2010-10-18 12:51        4032992        ----a-w-        c:\windows\system32\GameMon.des
2010-09-15 03:50 . 2010-04-16 18:08        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2010-09-08 04:30 . 2010-10-13 09:15        978432        ----a-w-        c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 09:15        44544        ----a-w-        c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 09:15        386048        ----a-w-        c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 09:15        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-04-14 2790472]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"QuickLaunchEnabled"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^...^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^klickTel OEM 2008 - Schnellstarter.lnk]
path=c:\users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klickTel OEM 2008 - Schnellstarter.lnk
backup=c:\windows\pss\klickTel OEM 2008 - Schnellstarter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07        932288        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-07-04 13:00        109056        ----a-w-        c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47        31016        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10        142120        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25        2363392        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 10:20        671608        ----a-w-        c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-10-13 07:57        215944        ----a-w-        c:\program files\pdf24\pdf24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36        50472        ------w-        c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23        83240        ------w-        c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
2005-07-03 07:20        372736        ------w-        c:\windows\Samsung\ComSMMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01        2634048        ----a-w-        c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 01:05        734264        ----a-w-        c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 iscFlash;iscFlash;c:\swsetup\sp45138\iscflash.sys [2009-06-16 13312]
R3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-09-29 4032992]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 37280]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 91168]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-07-06 32800]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2009-11-10 17320]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-28 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-12-17 129136]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-07-14 6814720]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2010-08-27 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: kino.to
TCP: {7325BC76-0D62-4F0E-99B7-BE30FE7A5D0E} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\...\AppData\Roaming\Mozilla\Firefox\Profiles\yqsjzsks....\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-556683703-228710120-2652249240-1000\Software\SecuROM\License information*]
"datasecu"=hex:e9,78,54,bc,83,6d,e6,63,79,fe,31,2a,dc,9e,ac,91,41,7f,a2,59,4b,
  32,c9,4d,8c,ec,64,29,0b,9b,97,68,a9,39,5b,0a,5f,5e,95,8c,bb,74,7a,49,91,d5,\
"rkeysecu"=hex:ac,b0,07,4d,48,dc,c3,98,2e,1d,6f,8c,ab,d6,ed,50

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2736)
c:\windows\system32\fxsst.dll
.
Completion time: 2010-12-03  21:44:41
ComboFix-quarantined-files.txt  2010-12-03 20:44
ComboFix2.txt  2010-12-03 10:03

Pre-Run: 18 Directory(s), 126.164.307.968 bytes free
Post-Run: 20 Directory(s), 125.771.444.224 bytes free

- - End Of File - - E301B845490091523D4145C36DB4856B

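Two parts of the ComboFix log above are where a helper looks first: the Supplementary Scan section, which records the IE Trusted Zone entry for kino.to (the Trusted Sites zone runs with a lower IE security level than the Internet zone) and the OpenDNS resolvers the poster said he configured, and the service list, where ComboFix printed [x] instead of a date and size for gupdate, aswSP and aswFsBlk. The script below is an added example written for this thread, not a ComboFix or Trojaner-Board tool; it parses both parts and reports them. The OpenDNS address set and the reading of [x] as "binary not found or not readable" are this example's own assumptions, and the sample lines are excerpted from the log above with the user path elided as in the original.

```python
"""Triage pass over a ComboFix log.

Added example for this thread, not a ComboFix or Trojaner-Board tool.
Assumptions: OPENDNS lists the OpenDNS resolver addresses, and a service line
that ends in [x] means ComboFix could not find or stat the service binary.
"""
import re

# Lines excerpted from the ComboFix log posted above (user paths elided as "...").
SAMPLE_LOG = r"""R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = local
Trusted Zone: kino.to
TCP: {7325BC76-0D62-4F0E-99B7-BE30FE7A5D0E} = 208.67.222.222,208.67.220.220
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
"""

OPENDNS = {"208.67.222.222", "208.67.220.220"}  # assumption: OpenDNS resolvers

# start type, service name, description, image path, then either a date/size or [x]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[(x|[^\]]+)\]$")
SECTION_MARKERS = ("Supplementary Scan", "Zusätzlicher Suchlauf")  # English / German ComboFix


def parse_services(log):
    """One dict per R*/S* service line; 'present' is False where ComboFix printed [x]."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            start, name, desc, path, stamp = m.groups()
            services.append({"start": start, "name": name, "desc": desc,
                             "path": path.strip(), "present": stamp != "x"})
    return services


def parse_supplementary(log):
    """Start pages, IE Trusted Zone hosts and per-adapter DNS servers from the
    Supplementary Scan section (ComboFix writes hxxp for http on purpose)."""
    info = {"start_pages": [], "trusted_zones": [], "dns": {}}
    in_section = False
    for line in log.splitlines():
        if any(marker in line for marker in SECTION_MARKERS):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("Trusted Zone:"):
            info["trusted_zones"].append(line.split(":", 1)[1].strip())
        elif line.startswith("TCP: {"):
            guid, servers = line[len("TCP: "):].split(" = ", 1)
            info["dns"][guid.strip()] = [s.strip() for s in servers.split(",")]
        elif "Start Page = " in line or "browser.startup.homepage - " in line:
            info["start_pages"].append(line.rsplit(" ", 1)[1])
    return info


def triage(log):
    """The three things a helper would look at first."""
    sup = parse_supplementary(log)
    return {
        "trusted_zones": sup["trusted_zones"],
        "dns": {guid: ("opendns" if set(servers) <= OPENDNS else "unknown-resolver")
                for guid, servers in sup["dns"].items()},
        "missing_binaries": [s["name"] for s in parse_services(log) if not s["present"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log, the script accepts both the English and the German section header, so it works on the localized output posted here. The "missing binary" list is a prompt to check, not a verdict: aswSP and aswFsBlk are avast! components whose files GMER and OSAM do find later in the thread, so a [x] on its own only says that ComboFix could not read the file at scan time.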

cosinus 03.12.2010 23:15

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool refuses even on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup.
With OSAM, also make sure you save the log as *.log and not as *.html or similar.


Next, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on your desktop.
Please post the contents of that .txt file for me

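The two logs requested here overlap in a way that trips up a quick read. GMER loads a randomly named driver from %TEMP% and announces it on its "Running: ...; Driver: ..." header line; OSAM, run right afterwards, then lists that same driver in its [Drivers] section as "Hidden registry entry, rootkit activity | File not found", which is exactly what happens with pxldapow.sys in the logs marble posts next. catchme.sys, the rootkit-scan driver ComboFix drops into %TEMP%, leaves a similar "File not found" entry. The script below is an added example for this thread, not a feature of GMER or OSAM: it reads both logs, marks OSAM hits that are only scanner artefacts, and tallies which module GMER attributes the kernel hooks to, keeping the patches GMER could not tie to any module separate, since those are the ones worth a second look. The KNOWN_SCANNER_DRIVERS set is this example's assumption, and the sample excerpts are taken from the posted logs with user paths elided as in the original.

```python
"""Cross-check a GMER log against an OSAM log.

Added example for this thread, not a feature of GMER or OSAM. Assumptions:
GMER names its own transient driver on the 'Running: ...; Driver: ...' line,
and catchme.sys is the rootkit-scan driver ComboFix drops into %TEMP%; both
commonly show up in OSAM as hidden/missing driver entries afterwards.
"""
import re
from collections import Counter

# Excerpts from the GMER and OSAM logs posted in this thread (user paths elided as "...").
GMER_SAMPLE = r"""
GMER 1.0.15.15530 - hxxp://www.gmer.net
Running: feh8d6fq.exe; Driver: C:\Users\...~1\AppData\Local\Temp\pxldapow.sys

---- System - GMER 1.0.15 ----

Code   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)   ZwCreateProcessEx [0x8B01550A]
Code   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)   ZwCreateSection [0x8B01532E]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD   82E5A599 1 Byte  [06]
PAGE   ntkrnlpa.exe!ZwLoadDriver   82FB8291 7 Bytes  JMP 8B01546C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE   ntkrnlpa.exe!NtCreateSection   83047D63 7 Bytes  JMP 8B015332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
"""

OSAM_SAMPLE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswSP" (aswSP) - "ALWIL Software" - C:\Windows\system32\drivers\aswSP.sys
"catchme" (catchme) - ? - C:\Users\...~1\AppData\Local\Temp\catchme.sys  (File not found)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"pxldapow" (pxldapow) - ? - C:\Users\...~1\AppData\Local\Temp\pxldapow.sys  (Hidden registry entry, rootkit activity | File not found)
"""

KNOWN_SCANNER_DRIVERS = {"catchme.sys"}  # assumption: ComboFix's own rootkit-scan driver

# module path followed by GMER's "(description/vendor)" on a hook or patch line
HOOK_OWNER_RE = re.compile(r"(\\\S+?\.(?:sys|dll|exe)) \(([^)]*)\)", re.I)
# "name" (service) - vendor - path  [two spaces, then (flags)]
OSAM_DRIVER_RE = re.compile(r'^"[^"]+" \(([^)]+)\) - (.+?) - (\S.*?)(?:\s{2,}\((.+)\))?$')


def gmer_own_driver(gmer_log):
    """Base name of the driver GMER itself loaded for this run, or None."""
    m = re.search(r"^Running: .*?; Driver: (.+)$", gmer_log, re.M)
    return m.group(1).strip().rsplit("\\", 1)[-1].lower() if m else None


def gmer_hooks(gmer_log):
    """Tally GMER's hook/patch lines by owning module.

    Returns (attributed, unattributed): attributed maps (module file, GMER's
    description) to a count; unattributed lists kernel locations GMER could not
    tie to any module.
    """
    attributed, unattributed = Counter(), []
    for line in gmer_log.splitlines():
        if not line.startswith(("Code", "PAGE", ".text", "INIT")):
            continue
        m = HOOK_OWNER_RE.search(line)
        if m:
            attributed[(m.group(1).rsplit("\\", 1)[-1].lower(), m.group(2))] += 1
        else:
            unattributed.append(line.split()[1])
    return attributed, unattributed


def osam_drivers(osam_log):
    """Parse the [Drivers] section of an OSAM report into dicts."""
    drivers, in_section = [], False
    for line in osam_log.splitlines():
        if line.startswith("["):
            in_section = line.strip() == "[Drivers]"
            continue
        m = OSAM_DRIVER_RE.match(line) if in_section else None
        if m:
            svc, vendor, path, flags = m.groups()
            drivers.append({"service": svc, "vendor": vendor.strip('"'), "path": path,
                            "flags": [f.strip() for f in (flags or "").split("|") if f.strip()]})
    return drivers


def classify_osam_hits(osam_log, gmer_log):
    """Verdict per flagged OSAM driver entry.

    'scanner-artifact': the transient driver of GMER or ComboFix, expected.
    'review': hidden or missing driver that no scanner explains.
    'info': OSAM only lacks version details for the file.
    """
    own = gmer_own_driver(gmer_log)
    verdicts = {}
    for d in osam_drivers(osam_log):
        if not d["flags"]:
            continue
        base = d["path"].rsplit("\\", 1)[-1].lower()
        if base == own or base in KNOWN_SCANNER_DRIVERS:
            verdicts[d["service"]] = "scanner-artifact"
        elif any("rootkit" in f.lower() or "not found" in f.lower() for f in d["flags"]):
            verdicts[d["service"]] = "review"
        else:
            verdicts[d["service"]] = "info"
    return verdicts


if __name__ == "__main__":
    hooks, loose = gmer_hooks(GMER_SAMPLE)
    for (module, owner), n in hooks.items():
        print(f"{n} hook(s) owned by {module} ({owner})")
    print("unattributed:", loose)
    print(classify_osam_hits(OSAM_SAMPLE, GMER_SAMPLE))
```

The point of the cross-check is the order of operations the helper prescribes: because GMER runs first and OSAM second, OSAM always sees GMER's leftover service entry, so an OSAM "rootkit activity" flag must be read against the GMER header before it is treated as a finding. The hook tally does the same for GMER's own output: every SSDT and inline hook in the posted log belongs to aswSP.SYS, the avast! self-protection driver, and the script surfaces that in one line instead of seven.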
marble 04.12.2010 21:11

GMER:

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-04 20:51:52
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.8909
Running: feh8d6fq.exe; Driver: C:\Users\...~1\AppData\Local\Temp\pxldapow.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                    ZwCreateProcessEx [0x8B01550A]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                    ZwCreateSection [0x8B01532E]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                    ZwLoadDriver [0x8B015468]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                    NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                    ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                          82E5A599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                  82E7EF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                                82FB8291 7 Bytes  JMP 8B01546C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                      8301FFBF 5 Bytes  JMP 8B0114AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                        83039CF3 5 Bytes  JMP 8B0129E4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntkrnlpa.exe!NtCreateSection                                                                            83047D63 7 Bytes  JMP 8B015332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                          830F1EAC 7 Bytes  JMP 8B01550E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\System32\rundll32.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [755C5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3312] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [755C5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [755C5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3312] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [755C5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:05:57 on 04.12.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"DriverEasy Scheduled Scan.job" - "Easeware" - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\hpaccelerometercp.CPL
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "ALWIL Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "ALWIL Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "ALWIL Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\...~1\AppData\Local\Temp\catchme.sys  (File not found)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"iscFlash" (iscFlash) - "Insyde Software" - C:\SwSetup\sp45138\iscflash.sys
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"pxldapow" (pxldapow) - ? - C:\Users\...~1\AppData\Local\Temp\pxldapow.sys  (Hidden registry entry, rootkit activity | File not found)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"Team MFP Comm Driver" (DgiVecp) - "DeviceGuys, Inc." - C:\Windows\System32\Drivers\DgiVecp.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? -  (File not found | COM-object registry key not found)
{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} "WOT Protocol" - "WOT Services Oy" - C:\Program Files\WOT\WOT.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "WOT" - "WOT Services Oy" - C:\Program Files\WOT\WOT.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} "GMNRev Class" - "Hewlett-Packard" - C:\Program Files\HP\Common\HPGMNRev.dll / hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
{1851174C-97BD-4217-A0CC-E908F60D5B7A} "Hewlett-Packard Online Support Services" - "Hewlett-Packard" - C:\Windows\DOWNLO~1\HPISDA~1.DLL / https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
{6F15128C-E66A-490C-B848-5000B5ABEEAC} "HP Download Manager" - "Hewlett-Packard Co." - C:\Windows\Downloaded Program Files\HPDEXAXO.dll / https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} "SysInfo Class" - "Husdawg, LLC" - C:\Program Files\SystemRequirementsLab\srldetect_intel_4.1.66.0.dll / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{71576546-354D-41c9-AAE8-31F2EC22BF0D} "WOT" - "WOT Services Oy" - C:\Program Files\WOT\WOT.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} "WOT Helper" - "WOT Services Oy" - C:\Program Files\WOT\WOT.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avast5" - "ALWIL Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Google Update Service (gupdate)" (gupdate) - ? - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc  (File not found)
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"ScCertProp" - ? - wlnotify.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Ultimate Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        Quanta
BIOS Manufacturer:                Hewlett-Packard
System Manufacturer:                Hewlett-Packard
System Product Name:                HP Pavilion dv5 Notebook PC
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 207):
  0x82E17000 \SystemRoot\system32\ntkrnlpa.exe
  0x83227000 \SystemRoot\system32\halmacpi.dll
  0x80BA5000 \SystemRoot\system32\kdcom.dll
  0x8B03F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8B0B7000 \SystemRoot\system32\PSHED.dll
  0x8B0C8000 \SystemRoot\system32\BOOTVID.dll
  0x8B0D0000 \SystemRoot\system32\CLFS.SYS
  0x8B112000 \SystemRoot\system32\CI.dll
  0x8B214000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8B285000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8B293000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8B2DB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8B2E4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8B2EC000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8B316000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8B321000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B332000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8B33A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8B345000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8B355000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8B3A0000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8B421000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8B5D6000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8B3B6000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8B5DF000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8B5E9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8B5F7000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8B1BD000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B400000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B623000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B752000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B77D000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B790000 \SystemRoot\System32\Drivers\cng.sys
  0x8B7ED000 \SystemRoot\System32\drivers\pcw.sys
  0x8B600000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B805000 \SystemRoot\system32\drivers\ndis.sys
  0x8B8BC000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B8FA000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8BA26000 \SystemRoot\System32\drivers\tcpip.sys
  0x8BB6F000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8BBA0000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8BBA9000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8BBE8000 \SystemRoot\System32\Drivers\spldr.sys
  0x8BBF0000 \SystemRoot\system32\speedfan.sys
  0x8B91F000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8BA00000 \SystemRoot\System32\Drivers\mup.sys
  0x8BA10000 \SystemRoot\system32\DRIVERS\johci.sys
  0x8BA18000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8BBF2000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
  0x8BBFB000 \SystemRoot\system32\giveio.sys
  0x8B94C000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B97E000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B98F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x909C9000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x909E8000 \SystemRoot\System32\Drivers\Null.SYS
  0x909EF000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B9C1000 \SystemRoot\System32\drivers\vga.sys
  0x8B9CD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B9EE000 \SystemRoot\System32\drivers\watchdog.sys
  0x909F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8B609000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B611000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8B411000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8B3D9000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B3E7000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8B200000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8B619000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x90E21000 \SystemRoot\system32\drivers\afd.sys
  0x90E7B000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x90E80000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90EB2000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x90EB9000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90ED8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x90EE9000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90EF7000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90F0A000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90F1A000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90F5B000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90F65000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90F6F000 \SystemRoot\System32\drivers\discache.sys
  0x90F7B000 \SystemRoot\system32\drivers\csc.sys
  0x90FDF000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90E00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x8B000000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x90401000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x90422000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x90434000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x93634000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x94095000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x94097000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9414E000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x94187000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x94192000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x941DD000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x93600000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x97032000 \SystemRoot\system32\DRIVERS\NETwNs32.sys
  0x976BC000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x976C6000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0x9770B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x9771B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x9772F000 \SystemRoot\system32\DRIVERS\jmcr.sys
  0x97750000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x97776000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x9778E000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
  0x97797000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x977A4000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x977D4000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x977D6000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x977E3000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x97000000 \SystemRoot\system32\drivers\Afc.sys
  0x97008000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x9700E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x97017000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
  0x97022000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x9361F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x90438000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x941EC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x90450000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x90472000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x9048A000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x904A1000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x904B8000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x9702F000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x904C2000 \SystemRoot\system32\DRIVERS\ks.sys
  0x904F6000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x90504000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90512000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x90556000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90567000 \SystemRoot\system32\DRIVERS\stwrt.sys
  0x97E35000 \SystemRoot\system32\DRIVERS\portcls.sys
  0x97E64000 \SystemRoot\system32\DRIVERS\drmk.sys
  0x97E7D000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x97E9E000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x97EAD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x97EC0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x97EC7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x97ED3000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x82820000 \SystemRoot\System32\win32k.sys
  0x97EDE000 \SystemRoot\System32\drivers\Dxapi.sys
  0x97EE8000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x90800000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x97EF5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x97F06000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x97F1D000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x97F41000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x82A80000 \SystemRoot\System32\TSDDD.dll
  0x82AB0000 \SystemRoot\System32\cdd.dll
  0x97F4C000 \SystemRoot\system32\drivers\luafv.sys
  0x97F67000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x97F7E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x97F81000 \SystemRoot\system32\drivers\WudfPf.sys
  0x97F9B000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x97FAB000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x97E00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x97E10000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9DA36000 \SystemRoot\system32\drivers\HTTP.sys
  0x9DABB000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9DAD4000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9DAE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9DB09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9DB44000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9DB5F000 \SystemRoot\system32\drivers\peauth.sys
  0x9DBF6000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9DA00000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9DA21000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9E826000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9E8DF000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9E936000 \??\C:\Users\...~1\AppData\Local\Temp\pxldapow.sys
  0x77520000 \Windows\System32\ntdll.dll
  0x477B0000 \Windows\System32\smss.exe
  0x77760000 \Windows\System32\apisetschema.dll
  0x009E0000 \Windows\System32\autochk.exe
  0x776F0000 \Windows\System32\shlwapi.dll
  0x77480000 \Windows\System32\usp10.dll
  0x76830000 \Windows\System32\shell32.dll
  0x766D0000 \Windows\System32\ole32.dll
  0x76530000 \Windows\System32\setupapi.dll
  0x776D0000 \Windows\System32\sechost.dll
  0x76460000 \Windows\System32\msctf.dll
  0x763D0000 \Windows\System32\clbcatq.dll
  0x77680000 \Windows\System32\gdi32.dll
  0x77670000 \Windows\System32\lpk.dll
  0x76320000 \Windows\System32\msvcrt.dll
  0x762C0000 \Windows\System32\difxapi.dll
  0x76220000 \Windows\System32\advapi32.dll
  0x76190000 \Windows\System32\oleaut32.dll
  0x76150000 \Windows\System32\ws2_32.dll
  0x760D0000 \Windows\System32\comdlg32.dll
  0x76080000 \Windows\System32\Wldap32.dll
  0x75F80000 \Windows\System32\wininet.dll
  0x75EB0000 \Windows\System32\user32.dll
  0x75E90000 \Windows\System32\imm32.dll
  0x75E60000 \Windows\System32\imagehlp.dll
  0x75DB0000 \Windows\System32\rpcrt4.dll
  0x77660000 \Windows\System32\psapi.dll
  0x75DA0000 \Windows\System32\normaliz.dll
  0x75D90000 \Windows\System32\nsi.dll
  0x75C50000 \Windows\System32\urlmon.dll
  0x75B70000 \Windows\System32\kernel32.dll
  0x75970000 \Windows\System32\iertutil.dll
  0x758E0000 \Windows\System32\comctl32.dll
  0x758C0000 \Windows\System32\devobj.dll
  0x75870000 \Windows\System32\KernelBase.dll
  0x75840000 \Windows\System32\wintrust.dll
  0x75720000 \Windows\System32\crypt32.dll
  0x756F0000 \Windows\System32\cfgmgr32.dll
  0x756E0000 \Windows\System32\msasn1.dll

Processes (total 68):
      0 System Idle Process
      4 System
    304 C:\Windows\System32\smss.exe
    428 csrss.exe
    492 C:\Windows\System32\wininit.exe
    500 csrss.exe
    540 C:\Windows\System32\services.exe
    556 C:\Windows\System32\lsass.exe
    564 C:\Windows\System32\lsm.exe
    676 C:\Windows\System32\svchost.exe
    748 C:\Windows\System32\nvvsvc.exe
    788 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
    1132 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\hpservice.exe
    1256 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\winlogon.exe
    1392 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1400 C:\Windows\System32\wlanext.exe
    1408 C:\Windows\System32\conhost.exe
    1708 C:\Windows\System32\spoolsv.exe
    1736 C:\Windows\System32\svchost.exe
    1776 C:\Windows\System32\svchost.exe
    1860 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1880 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
    1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1976 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2000 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    108 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    432 C:\Windows\System32\svchost.exe
    1048 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2228 C:\Windows\System32\nvvsvc.exe
    2360 unsecapp.exe
    2508 WmiPrvSE.exe
    2684 C:\Windows\System32\taskhost.exe
    2832 C:\Windows\System32\dwm.exe
    2952 C:\Windows\explorer.exe
    3208 C:\Windows\System32\svchost.exe
    3312 C:\Windows\System32\rundll32.exe
    3476 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3488 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3500 C:\Program Files\IDT\WDM\sttray.exe
    3508 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    3516 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3640 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3652 C:\Program Files\Windows Sidebar\sidebar.exe
    3876 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3916 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    3984 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    2140 C:\Windows\System32\SearchIndexer.exe
    2708 C:\Program Files\Windows Media Player\wmpnetwk.exe
    236 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    4040 C:\Windows\System32\svchost.exe
    4120 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    3816 C:\Program Files\Internet Explorer\iexplore.exe
    5008 C:\Program Files\Internet Explorer\iexplore.exe
    4460 C:\Windows\System32\SearchProtocolHost.exe
    3376 C:\Program Files\Internet Explorer\iexplore.exe
    4436 C:\Windows\System32\SearchProtocolHost.exe
    2852 C:\Windows\System32\audiodg.exe
    4496 C:\Windows\System32\SearchFilterHost.exe
    2296 dllhost.exe
    1228 dllhost.exe
    4092 C:\Users\...\Desktop\MBRCheck.exe
    4620 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`fac00000  (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG2, Rev: 8909   

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


cosinus 04.12.2010 23:01

Looks ok. For verification, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

marble 05.12.2010 13:38

Malwarebytes

Code:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5247

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.12.2010 13:25:16
mbam-log-2010-12-05 (13-25-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 252921
Laufzeit: 37 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


marble 05.12.2010 15:03

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/05/2010 at 02:49 PM

Application Version : 4.46.1000

Core Rules Database Version : 5954
Trace Rules Database Version: 3766

Scan type      : Complete Scan
Total Scan Time : 01:14:44

Memory items scanned      : 815
Memory threats detected  : 0
Registry items scanned    : 10295
Registry threats detected : 0
File items scanned        : 117847
File threats detected    : 7

Adware.Tracking Cookie
        C:\Users\...\AppData\Roaming\Microsoft\Windows\Cookies\...@atwola[1].txt
        C:\Users\...\AppData\Roaming\Microsoft\Windows\Cookies\...@doubleclick[1].txt
        C:\Users\...\AppData\Roaming\Microsoft\Windows\Cookies\...@content.yieldmanager[1].txt
        C:\Users\...\AppData\Roaming\Microsoft\Windows\Cookies\...@ad.yieldmanager[2].txt
        C:\Users\...\AppData\Roaming\Microsoft\Windows\Cookies\...@adbrite[2].txt
        vidii.hardsextube.com [ C:\Users\...\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9WHG3GMG ]
        www.naiadsystems.com [ C:\Users\...\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9WHG3GMG ]


cosinus 05.12.2010 15:28

Looks ok, only cookies were found.
Any further problems or other findings in the meantime?

marble 05.12.2010 16:23

nope... not so far.


1) do you know anything about the vshare plugin for FF or IE?

the pc wants me to install it to watch football.
is there any particular info on that plugin?

2) i have avast as my antivirus program...
is that ok? or would you recommend a different one?

cosinus 05.12.2010 16:38

Quote:

the pc wants me to install it to watch football.
is there any particular info on that plugin?
On which site?

Quote:

2) i have avast as my antivirus program...
Avast is ok. More important than the virus scanner is your security concept.

marble 05.12.2010 17:47

watching on www.atdhe.net

i would install it via chip.de

cosinus 05.12.2010 18:14

And what kind of plugin is that? I know atdhe, but back then it was uselessly slow for me. Since then (that was about 2 years ago) I've avoided that site. It's nothing but aggravation.



Copyright ©2000-2024, Trojaner-Board

