Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Problem with Vista display settings (theme) (https://www.trojaner-board.de/96403-problem-vista-darstellungseinstellung-design.html)

chenju 09.03.2011 18:22

Problem with Vista display settings (theme)

I have a big problem with my window appearance! I can no longer activate Aero or Vista Basic; even the preview only shows a black box. It worked fine the whole time until yesterday, when my system restarted on its own after an update, and since then it no longer works. Also, under Personalization / Window Color and Appearance, Aero and Vista Basic are each listed twice?? But I can't select them, only the not-so-pretty Windows Standard. Please help me, what can I do?

I'm attaching a screenshot as well... Thanks in advance, I hope someone can help me.

cosinus 10.03.2011 13:38

Please download WVCheck from Artellos.com
  • Save the file to your desktop. (If you downloaded the .zip file, you have to unpack it first.)
  • Start the .exe with a double-click
    Vista and Win7 users: right-click and choose "Run as administrator"
  • As described there, the tool can take a while.
  • When it is finished, copy the contents of the text document into your thread here

chenju 11.03.2011 16:11

Hello cosinus, and thanks for your help.

Here is the result:

Windows Validation Check
Version: 1.9.11.5
Log Created On: 1608_11-03-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-03-10 18:47:38
Last Success Time for Update Download: 2011-03-08 23:05:13
Last Success Time for Update Installation: 2011-03-08 23:15:36


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 75510147b94598407666f4802797c75a


-------- End of File, program close at 1608_11-03-2011 --------


I hope you can do something with this =)

cosinus 11.03.2011 16:15

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those too!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

chenju 11.03.2011 18:28

So, I'm finally done with the scans... thanks for your quick help!
I couldn't find an older Malwarebytes log file.
Here is the current one:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6019

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

11.03.2011 18:12:34
mbam-log-2011-03-11 (18-12-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 370665
Time elapsed: 1 hour(s), 43 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



and here are the two from OTL.exe

Extras.Txt (OTL logfile):

OTL Extras logfile created on: 11.03.2011 18:18:51 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,53 Gb Total Space | 43,62 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 7,51 Gb Total Space | 2,51 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0075C272-4A11-440F-BF2B-AE83A61BC6C4}" = lport=4665 | protocol=17 | dir=in | name=remote |
"{1E6CED5D-80BF-4839-B323-883882F6DF37}" = rport=5357 | protocol=6 | dir=out | app=system |
"{2E47E519-51A1-40D0-A3F2-F3C45319739E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D87D1CB-BF0C-4858-9DEC-C85A9B2C3B58}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{4A5F4AC2-891A-4509-A082-F2851F2AD1C6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4B0314C1-CDFE-4078-9B59-3EB58FD5D890}" = rport=2178 | protocol=6 | dir=out | app=system |
"{656EB274-94C0-4BAA-A974-7F6A6B3ACB90}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8C4E59D2-D55C-408D-8BBA-7AC293936023}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{93BE7600-D377-40D5-AD16-62268FDF46AE}" = lport=4661 | protocol=6 | dir=in | name=remote |
"{95C46567-6A68-4E97-921D-4180CC8860DA}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{99BDA328-3A4E-44BE-BAD6-23F6BC524DDE}" = lport=5358 | protocol=6 | dir=in | app=system |
"{A91743B2-B5C8-44FB-8CBA-3582F3EC3F19}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{BDF957A8-A744-488B-8763-BD2ECA4C6314}" = rport=5358 | protocol=6 | dir=out | app=system |
"{BE1FCB4E-5080-450B-8BEC-50492ABB20C5}" = lport=2178 | protocol=6 | dir=in | app=system |
"{FCC71F21-695F-4181-AC38-2C08FF73C9E1}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{FF34B61F-D486-45A3-A27E-7E7B20B6F5BF}" = lport=5357 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD43E70-A66C-4215-8D70-76E006F9CC75}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{21362C17-93BD-4342-8EDE-B2D46F7F65AC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{2DC3740F-7100-4517-9E38-98A19092700D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4787C8CB-F8D2-4C64-945D-A8488CD4187D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4B56601D-5FA3-4278-9672-C044803F793D}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{5EDAE8AB-00A4-4287-B89C-3A3456311A48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67771231-3508-4CDF-9B6C-D236BFE57E88}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9617D626-829E-47E8-903A-2608464F6C87}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B688A089-7CB5-4D1D-B9A6-FFD359BEAEF9}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B8E55134-BBCA-4C03-9B43-62FCAC00D559}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{D71EA193-6FA3-4D1F-8E25-787966C777D2}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{DBE9244B-5F68-4E52-BC1D-D6151905CD86}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EFBF4F7D-3279-4A59-8575-0058E028E516}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"TCP Query User{01AE6933-9CC7-4C31-80EF-2E68BBDDB3E1}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{07EE0797-76C7-4221-8CEB-F846EAD2EB3A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{177E6943-272D-485A-8088-6BFBEFD94C20}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{2FB8B96F-4C9A-4694-95C3-F8A13F6CCD16}C:\program files\steam\steamapps\chrizi85\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\chrizi85\counter-strike source\hl2.exe |
"TCP Query User{4C5B48EC-4566-40F5-A6A1-373B445FC790}C:\program files\mirandame\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\mirandame\miranda32.exe |
"TCP Query User{9D89A8DC-5697-41EB-A78F-FF0C6ED507A6}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{A134D9B5-9EA7-4F27-B7D4-5B7972D7876D}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{B75C2BBE-8EED-4223-B213-247BD2F427D2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DFE8731B-86EC-4811-9232-748CF1B98E84}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EBC6FD5D-7616-41B8-8438-E496C2B5EF87}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{2DDA06B3-5DC1-4C98-8487-BA0C7DF10CED}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{3D4F952F-4822-4194-83E4-F5EA5C332E11}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{4A6FE90F-B7AD-4C38-A2A1-71A6F427F7C5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5EA9419D-B5E3-4A6F-B5C8-23691DD69EE7}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{82F837FB-6C24-45FD-B7BC-646CBC043F37}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{83F2DE60-2A84-4B1C-918C-B77A6C0EC8E6}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{913464D4-B456-4E08-BBC2-490D3D404BF8}C:\program files\mirandame\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\mirandame\miranda32.exe |
"UDP Query User{BB4D27FA-5C04-49BF-A53D-FF724A1CDFCA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CC1FCD24-74F9-418E-A6C2-288948E57275}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{F7FB4CB3-A266-4428-BB7D-1C39982E0457}C:\program files\steam\steamapps\chrizi85\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\chrizi85\counter-strike source\hl2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BAF043B-82FC-43E2-96EA-5F68015F4FA2}" = AuthenTec Fingerprint Sensor Minimum Install
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Camfrog 5.5" = Camfrog Video Chat 5.5
"Canon Camera TWAIN Driver EOS-1D" = Canon EOS-1D TWAIN Driver
"CCleaner" = CCleaner
"eMule" = eMule
"eMule Plus_is1" = eMule Plus 1.2e
"Everest Poker" = Everest Poker (Remove Only)
"Everest Poker.net" = Everest Poker.net (Remove Only)
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Privoxy" = Privoxy 3.0.6
"SimpleScreenshot" = SimpleScreenshot 1.40
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.1.2.19
"Vidalia" = Vidalia 0.0.16
"VistaGlazz_is1" = VistaGlazz 1.2
"VLC media player" = VLC media player 0.9.8a
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >



and OTL.Txt (OTL logfile):

OTL logfile created on: 11.03.2011 18:18:51 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,53 Gb Total Space | 43,62 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 7,51 Gb Total Space | 2,51 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Vidalia Bundle\Tor\tor.exe ()
PRC - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - Privoxy - Home Page)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (ASBroker) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ASChannel) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtscsi) -- C:\Windows\System32\Drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Bing [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 45 9C 33 87 92 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2011.02.10 18:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.03 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.02.08 16:52:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.05.19 10:39:58 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.01.21 22:28:47 | 000,002,158 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater]  File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{712a6547-9414-11df-8ee6-001b24c8f5d8}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.11 18:15:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2011.03.11 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Fat32FormatterEN
[2011.03.11 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Ps3
[2011.03.11 16:02:12 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\ice02.2011
[2011.03.09 17:55:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\SimpleScreenshot
[2011.03.09 17:55:05 | 000,330,336 | ---- | C] (Mirko Böer) -- C:\Windows\SSSUn.EXE
[2011.03.09 17:55:05 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimpleScreenshot
[2011.03.09 17:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\SSS
[2011.03.09 17:54:08 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\simpleScreenshot
[2011.03.09 00:05:12 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 00:05:12 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 00:05:12 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 00:05:12 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.06 00:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2011.03.01 00:48:53 | 000,000,000 | ---D | C] -- C:\Users\HP\Tracing
[2011.02.28 16:43:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.02.28 16:43:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.02.28 16:43:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.25 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.02.24 03:06:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 03:01:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 03:01:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 03:01:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 03:01:26 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 03:01:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 03:01:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 03:01:20 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 03:01:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 03:01:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 03:01:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 03:01:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 03:00:59 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 03:00:59 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 03:00:59 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.24 03:00:58 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 03:00:58 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.21 19:00:11 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\BewerbungsMaster
[2011.02.21 18:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\BEWERBUNGSMASTER
[2011.02.20 15:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Downloader
[2011.02.20 15:42:27 | 000,172,032 | ---- | C] (Jin Hui    E-mail: jinhui@jcomsoft.com  Web: JComSoft : J Component Software : ActiveX & OCX Shareware and Freeware) -- C:\Windows\System32\AniGIF.ocx
[2011.02.20 15:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2011.02.20 15:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\SearchPredict
[2011.02.20 15:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
[2011.02.20 15:29:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.02.20 15:19:42 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.02.20 15:19:41 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.02.20 15:19:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.02.20 15:19:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.20 15:19:40 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.02.20 15:19:40 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.20 15:19:40 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.02.20 15:19:40 | 000,356,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.20 15:19:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.02.20 15:19:40 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.02.20 15:19:40 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.20 15:19:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.20 15:19:40 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.20 15:19:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.20 15:19:39 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.20 15:19:39 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.20 15:19:39 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.02.20 15:19:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.02.20 15:19:35 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.20 15:19:35 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.02.20 15:19:35 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.02.20 15:19:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.02.20 15:19:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.20 15:19:35 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.02.20 15:19:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.02.20 15:19:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.20 15:19:34 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.02.20 15:19:34 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.20 15:19:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.02.20 15:19:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.20 15:19:34 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.02.20 15:19:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.20 15:19:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.20 15:19:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.20 15:19:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.02.20 15:19:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.02.20 15:19:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.20 15:19:32 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.02.20 15:19:32 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.02.20 15:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2011.02.10 17:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011.02.10 17:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.02.10 17:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011.02.10 17:46:31 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.02.10 17:02:28 | 000,282,624 | ---- | C] (Sub Systems, Inc. ) -- C:\Windows\System32\PDC32.DLL
[2011.02.10 00:10:08 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.10 00:10:03 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.10 00:10:02 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.10 00:09:46 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.10 00:09:46 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.10 00:09:45 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.10 00:09:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.10 00:09:45 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.10 00:09:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.10 00:09:44 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.10 00:09:44 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.10 00:09:44 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.10 00:09:44 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.10 00:09:43 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.10 00:09:43 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.10 00:09:42 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.10 00:09:41 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.10 00:09:41 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.10 00:09:41 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.10 00:09:41 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.10 00:09:40 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.10 00:09:40 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.10 00:09:39 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.10 00:09:39 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.10 00:09:38 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.10 00:09:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.10 00:09:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.10 00:09:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.10 00:09:22 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.10 00:09:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\HP\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\HP\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\HP\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\HP\AppData\Local\bass.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.11 18:21:46 | 000,004,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 18:21:46 | 000,004,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 18:15:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2011.03.11 17:38:55 | 000,173,056 | ---- | M] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.11 16:58:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.11 16:58:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.11 16:58:09 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.11 16:58:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.11 16:25:53 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.03.11 16:25:43 | 000,031,586 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.03.11 16:25:17 | 000,031,586 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.03.11 16:21:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.11 16:21:40 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.11 15:59:21 | 000,000,680 | ---- | M] () -- C:\Users\HP\AppData\Local\d3d9caps.dat
[2011.03.09 18:01:07 | 000,010,558 | ---- | M] () -- C:\Users\HP\Documents\Femsterdarstellung!.gif
[2011.03.09 18:00:25 | 000,016,386 | ---- | M] () -- C:\Users\HP\Documents\Fensterdarstellung.gif
[2011.03.09 17:55:06 | 000,001,346 | R--- | M] () -- C:\Windows\SimpleScreenshot_Uninstall.in
[2011.03.09 17:55:05 | 000,000,721 | ---- | M] () -- C:\Users\HP\Desktop\SimpleScreenshot.lnk
[2011.03.08 20:12:05 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.03.06 01:28:45 | 000,293,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.27 01:41:58 | 000,001,607 | ---- | M] () -- C:\Users\HP\Documents\KündigungTestabo.rtf
[2011.02.25 16:35:24 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.24 18:27:39 | 000,920,206 | ---- | M] () -- C:\Users\HP\AppData\Roaming\UserTile.png
[2011.02.21 20:40:48 | 000,001,722 | ---- | M] () -- C:\Users\HP\Documents\Ausbildung Anschreiben Encinar.rtf
[2011.02.21 19:37:57 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.02.21 19:37:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.02.21 19:36:39 | 000,000,127 | ---- | M] () -- C:\Notizen.rtf
[2011.02.20 15:19:56 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.02.20 15:19:56 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.02.20 15:19:42 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.02.20 15:19:41 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.02.20 15:19:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.02.20 15:19:41 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.20 15:19:40 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.02.20 15:19:40 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.20 15:19:40 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.02.20 15:19:40 | 000,356,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.20 15:19:40 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.02.20 15:19:40 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.02.20 15:19:40 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.20 15:19:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.20 15:19:40 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.02.20 15:19:40 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.20 15:19:40 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.20 15:19:39 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.20 15:19:39 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.20 15:19:39 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.02.20 15:19:39 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.02.20 15:19:36 | 002,382,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.20 15:19:35 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.02.20 15:19:35 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.02.20 15:19:35 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.02.20 15:19:35 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.20 15:19:35 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.02.20 15:19:35 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.02.20 15:19:34 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.20 15:19:34 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.02.20 15:19:34 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.20 15:19:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.02.20 15:19:34 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.20 15:19:34 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.02.20 15:19:34 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.20 15:19:33 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.20 15:19:33 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.20 15:19:33 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.02.20 15:19:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.02.20 15:19:32 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.20 15:19:32 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.02.20 15:19:32 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.02.20 12:52:15 | 000,000,264 | ---- | M] () -- C:\Users\HP\Documents\mdhpw.rtf
[2011.02.10 18:17:17 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.02.10 18:17:16 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.02.10 17:46:31 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.02.10 17:03:25 | 000,004,403 | ---- | M] () -- C:\Windows\ST6UNST.002
[2011.02.10 17:02:29 | 000,004,653 | ---- | M] () -- C:\Windows\ST6UNST.001
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.09 18:01:07 | 000,010,558 | ---- | C] () -- C:\Users\HP\Documents\Femsterdarstellung!.gif
[2011.03.09 18:00:25 | 000,016,386 | ---- | C] () -- C:\Users\HP\Documents\Fensterdarstellung.gif
[2011.03.09 17:55:06 | 000,001,346 | R--- | C] () -- C:\Windows\SimpleScreenshot_Uninstall.in
[2011.03.09 17:55:05 | 000,000,751 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimpleScreenshot.lnk
[2011.03.09 17:55:05 | 000,000,721 | ---- | C] () -- C:\Users\HP\Desktop\SimpleScreenshot.lnk
[2011.03.08 20:12:05 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.27 01:40:27 | 000,001,607 | ---- | C] () -- C:\Users\HP\Documents\KündigungTestabo.rtf
[2011.02.25 16:34:27 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.02.25 16:34:27 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.24 18:27:38 | 000,920,206 | ---- | C] () -- C:\Users\HP\AppData\Roaming\UserTile.png
[2011.02.24 18:16:51 | 001,516,201 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF1001.JPG
[2011.02.24 18:16:51 | 001,442,673 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0968.JPG
[2011.02.24 18:16:51 | 001,125,170 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF1000.JPG
[2011.02.24 18:16:51 | 001,094,729 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0999.JPG
[2011.02.24 18:16:51 | 001,091,182 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0998.JPG
[2011.02.24 18:16:51 | 001,029,962 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0946.JPG
[2011.02.24 18:16:51 | 000,998,016 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0947.JPG
[2011.02.24 18:16:51 | 000,966,664 | -H-- | C] () -- C:\Users\HP\Desktop\DSCF0945.JPG
[2011.02.24 03:01:00 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 03:01:00 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.24 03:01:00 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.21 20:40:48 | 000,001,722 | ---- | C] () -- C:\Users\HP\Documents\Ausbildung Anschreiben Encinar.rtf
[2011.02.20 15:29:56 | 000,000,909 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.02.20 15:19:40 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.02.10 17:48:56 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.02.10 17:48:56 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.02.10 17:03:20 | 000,004,403 | ---- | C] () -- C:\Windows\ST6UNST.002
[2011.02.10 17:02:28 | 000,176,128 | ---- | C] () -- C:\Windows\System32\toc18.ocx
[2011.02.10 17:02:08 | 000,004,653 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010.02.16 00:36:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.10 10:21:07 | 000,031,586 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.10 10:21:03 | 000,031,586 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.24 15:58:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.07 16:25:59 | 000,001,466 | ---- | C] () -- C:\Users\HP\AppData\Local\RecConfig.xml
[2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.08.01 02:19:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.01 02:19:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.23 20:00:29 | 000,000,024 | ---- | C] () -- C:\Windows\pstudio.ini
[2009.04.23 20:00:29 | 000,000,011 | ---- | C] () -- C:\Windows\album.ini
[2009.02.19 22:35:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.02.19 22:25:13 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.11.01 18:04:22 | 000,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2008.09.02 14:17:07 | 000,027,050 | ---- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.001
[2008.09.01 17:01:06 | 000,027,050 | ---- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.dat
[2008.08.30 21:37:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.29 14:03:42 | 000,173,056 | ---- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.05 19:04:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008.08.05 19:04:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008.08.05 17:28:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.08.04 16:46:15 | 000,000,680 | ---- | C] () -- C:\Users\HP\AppData\Local\d3d9caps.dat
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\HP\AppData\Local\lame_enc.dll
[2007.02.27 21:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,293,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\HP\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\HP\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\HP\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\HP\AppData\Local\ogg.dll
[2006.03.10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\HP\AppData\Local\no23xwrapper.dll
[2005.05.08 17:56:44 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2005.04.03 21:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2005.02.25 05:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[1998.05.07 02:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:54997B77
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E55CE2D1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

--- --- ---

cosinus 11.03.2011 19:03

Are there any more logs from Malwarebytes? If so, please post all of them. You can find them in the Logs tab in Malwarebytes.

chenju 11.03.2011 19:27

Ah, now I've found them..

here are 2 more

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

08.03.2011 23:52:50
mbam-log-2011-03-08 (23-52-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 332065
Laufzeit: 2 Stunde(n), 17 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\HP\AppData\Roaming\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Windows\System32\28463 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\28463\YXLE.001 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\YXLE.002 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\YXLE.005 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\YXLE.009 (Keylogger.Ardamax) -> Quarantined and deleted successfully.



and..

Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1855
Windows 6.0.6002 Service Pack 2

10.02.2011 20:50:24
mbam-log-2011-02-10 (20-50-24).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 128117
Laufzeit: 48 minute(s), 9 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 12.03.2011 12:18

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:54997B77
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E55CE2D1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{712a6547-9414-11df-8ee6-001b24c8f5d8}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O4 - HKCU..\RunOnce: [Shockwave Updater]  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
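As an added example that is not part of the thread and is not OTL's or any other tool's own code: a read-only PowerShell audit that re-checks the five kinds of items the fix script above targets (alternate data streams under C:\ProgramData, the CD-ROM AutoRun value, MountPoints2 autorun commands, HKCU RunOnce entries, and autorun-style files in drive roots), so that after the reboot you can verify nothing was left behind. The function names are invented for this example; the paths and registry locations are the ones named in the fix script. It assumes PowerShell 3.0 or later (for the -Stream parameter) and an elevated session on the affected PC.

```powershell
# Added example: read-only audit of the items the OTL fix above targeted.
# Not from the thread and not OTL code. Requires PowerShell 3.0 or later
# (the -Stream parameter); run it in an elevated session on the affected PC.
# Function names are invented for this example; the paths and the
# MountPoints2 GUID mentioned in the comments come from the thread.

# 1. Alternate data streams below C:\ProgramData (the TEMP:xxxxxxxx lines).
#    Every NTFS file and folder carries the unnamed ':$DATA' stream; anything
#    else is an ADS and worth a look.
function Get-ExtraStreams {
    param([string]$Path = 'C:\ProgramData')
    Get-ChildItem -Path $Path -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# 2. The CD-ROM AutoRun value the O32 line referred to. The OTL log reported
#    it as DWORD 1 after the fix; compare with what you see here.
function Get-CdromAutoRun {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'
    (Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
}

# 3. Per-volume AutoRun commands under MountPoints2 (the O33 line). The
#    {712a6547-...} key from the thread should be gone; any remaining
#    Shell\AutoRun\command value names a program that runs when the volume
#    is opened in Explorer, so each one deserves a check.
function Get-MountPointAutoRuns {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$($_.PSPath)\Shell\AutoRun\command"
        if (Test-Path -LiteralPath $cmdKey) {
            [pscustomobject]@{
                Volume  = $_.PSChildName
                Command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            }
        }
    }
}

# 4. Remaining HKCU RunOnce entries (the O4 line); the "Shockwave Updater"
#    value in the thread pointed to a file that no longer existed.
function Get-RunOnceEntries {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    if (-not (Test-Path -LiteralPath $key)) { return }
    (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |
        ForEach-Object {
            [pscustomobject]@{ Name = $_.Name; Command = $_.Value }
        }
}

# 5. AutoRun-style files in the root of every drive; the fix moved
#    C:\autoexec.bat and D:\AUTOMODE into OTL's quarantine folder.
function Get-RootAutoRunFiles {
    $names = @('autorun.inf', 'autoexec.bat', 'AUTOMODE')
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        Get-ChildItem -LiteralPath $_.Root -Force -ErrorAction SilentlyContinue |
            Where-Object { $names -contains $_.Name } |
            Select-Object FullName, Length, LastWriteTime
    }
}

'== Alternate data streams under C:\ProgramData =='
Get-ExtraStreams | Format-Table -AutoSize
'== HKLM cdrom AutoRun value =='
Get-CdromAutoRun
'== MountPoints2 AutoRun commands =='
Get-MountPointAutoRuns | Format-Table -AutoSize
'== HKCU RunOnce entries =='
Get-RunOnceEntries | Format-Table -AutoSize
'== AutoRun-style files in drive roots =='
Get-RootAutoRunFiles | Format-Table -AutoSize
```

The script only reads; it does not delete streams or registry values, so it is safe to run before and after a fix to compare the two states. An empty table for the first and third sections and no RunOnce entries is the expected result once the fix above has been applied and the machine rebooted.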

chenju 12.03.2011 20:59

Hey cosinus, thanks..!

here is the log file from the OTL scan!

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:54997B77 deleted successfully.
ADS C:\ProgramData\TEMP:30C46519 deleted successfully.
ADS C:\ProgramData\TEMP:E55CE2D1 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{712a6547-9414-11df-8ee6-001b24c8f5d8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{712a6547-9414-11df-8ee6-001b24c8f5d8}\ not found.
File F:\Get_Started_for_Win.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP
->Temp folder emptied: 11570518 bytes
->Temporary Internet Files folder emptied: 240945295 bytes
->Java cache emptied: 86689325 bytes
->Google Chrome cache emptied: 5878095 bytes
->Flash cache emptied: 1568 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151255 bytes
RecycleBin emptied: 117973514 bytes

Total Files Cleaned = 442,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03122011_205224

Files\Folders moved on Reboot...
C:\Users\HP\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHZTX091\ads[1].htm moved successfully.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ET65PWMJ\96403-problem-mit-vista-darstellungseinstellung-design[1].htm moved successfully.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\F25D52F9-6D8B-4D32-BD36-023EC134A413.dat moved successfully.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


but the problem still isn't solved =(

cosinus 13.03.2011 14:04

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

chenju 13.03.2011 14:39

Hi cosinus! Thanks!

here is the result:

Combofix log file:
Code:

ComboFix 11-03-12.01 - HP 13.03.2011  14:15:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1258 [GMT 1:00]
ausgeführt von:: c:\users\HP\Desktop\cofi.exe
AV: Kaspersky PURE *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky PURE *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky PURE *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP\AppData\Local\lame_enc.dll
c:\users\HP\AppData\Local\no23xwrapper.dll
c:\users\HP\AppData\Local\ogg.dll
c:\users\HP\AppData\Local\vorbis.dll
c:\users\HP\AppData\Local\vorbisenc.dll
c:\users\HP\AppData\Local\vorbisfile.dll
c:\windows\ST6UNST.000
c:\windows\Tasks\hzvkgpej.job
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-13 bis 2011-03-13  ))))))))))))))))))))))))))))))
.
.
2011-03-13 12:20 . 2011-03-13 12:28        --------        d-----w-        c:\users\HP\AppData\Local\NPE
2011-03-13 10:28 . 2011-03-13 10:46        97859        ----a-w-        c:\windows\system32\drivers\klick.dat
2011-03-13 10:28 . 2011-03-13 10:46        114243        ----a-w-        c:\windows\system32\drivers\klin.dat
2011-03-13 10:27 . 2009-12-14 11:44        39352        ----a-w-        c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-03-13 10:27 . 2009-12-14 11:44        88632        ----a-w-        c:\windows\system32\drivers\CSCrySec.sys
2011-03-13 10:26 . 2011-03-13 10:26        --------        d-----w-        c:\program files\Common Files\InfoWatch
2011-03-13 10:26 . 2011-03-13 12:31        --------        d-----w-        c:\programdata\Kaspersky Lab
2011-03-13 10:26 . 2011-03-13 10:26        --------        d-----w-        c:\program files\Kaspersky Lab
2011-03-12 21:57 . 2011-03-12 21:57        --------        d-----w-        c:\program files\SUPERAntiSpyware
2011-03-12 20:05 . 2011-03-12 20:06        --------        d-----w-        c:\program files\TVersity Codec Pack
2011-03-12 20:05 . 2011-03-12 20:05        --------        d-----w-        c:\programdata\TVersity
2011-03-12 19:52 . 2011-03-12 19:52        --------        d-----w-        C:\_OTL
2011-03-11 18:33 . 2011-03-11 18:33        --------        d-----w-        c:\program files\Recuva
2011-03-11 15:11 . 2011-02-11 06:54        5943120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECB4E394-97C4-4A76-B2B9-A607A67DE3A5}\mpengine.dll
2011-03-09 16:55 . 2011-03-09 16:55        --------        d-----w-        c:\users\HP\AppData\Roaming\SimpleScreenshot
2011-03-09 16:55 . 2008-01-28 13:51        330336        ----a-w-        c:\windows\SSSUn.EXE
2011-03-09 16:54 . 2011-03-09 16:55        --------        d-----w-        c:\program files\SSS
2011-03-08 23:05 . 2010-12-29 18:28        322560        ----a-w-        c:\windows\system32\sbe.dll
2011-03-08 23:05 . 2010-12-29 18:28        153088        ----a-w-        c:\windows\system32\sbeio.dll
2011-03-08 23:05 . 2010-12-29 18:28        429056        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-08 23:05 . 2010-12-29 18:26        177664        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-08 23:05 . 2010-12-17 15:45        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-08 23:05 . 2010-12-17 13:54        677888        ----a-w-        c:\windows\system32\mstsc.exe
2011-03-05 23:39 . 2011-03-06 00:17        --------        d-----w-        c:\program files\ElcomSoft
2011-02-28 23:48 . 2011-03-13 13:12        --------        d-----w-        c:\users\HP\Tracing
2011-02-25 15:34 . 2011-02-25 15:34        --------        d-----w-        c:\program files\Common Files\Adobe
2011-02-24 02:00 . 2009-10-09 21:56        214016        ----a-w-        c:\windows\system32\WsmWmiPl.dll
2011-02-24 02:00 . 2009-10-09 21:56        241152        ----a-w-        c:\windows\system32\winrscmd.dll
2011-02-24 02:00 . 2009-10-09 21:56        145408        ----a-w-        c:\windows\system32\WsmAuto.dll
2011-02-24 02:00 . 2009-10-09 21:56        1181696        ----a-w-        c:\windows\system32\WsmSvc.dll
2011-02-24 02:00 . 2009-10-09 21:56        246272        ----a-w-        c:\windows\system32\WSManHTTPConfig.exe
2011-02-24 02:00 . 2009-10-09 21:55        252416        ----a-w-        c:\windows\system32\WSManMigrationPlugin.dll
2011-02-20 14:42 . 2011-02-27 19:01        --------        d-----w-        c:\programdata\SpeedBit
2011-02-20 14:42 . 2011-02-20 14:42        --------        d-----w-        c:\program files\SearchPredict
2011-02-20 14:42 . 1998-12-05 12:18        172032        ----a-w-        c:\windows\system32\AniGIF.ocx
2011-02-20 14:42 . 2011-02-20 14:42        --------        d-----w-        c:\program files\SpeedBit Video Downloader
2011-02-20 14:20 . 2011-02-05 06:20        94208        ----a-w-        c:\program files\Internet Explorer\de\iediag.resources.dll
2011-02-20 14:17 . 2011-02-20 14:17        --------        d-----w-        c:\program files\Feedback Tool
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-21 18:37 . 2009-04-22 11:49        266240        ------w-        c:\windows\Setup1.exe
2011-02-21 18:37 . 2009-04-22 11:49        74752        ----a-w-        c:\windows\ST6UNST.EXE
2011-02-02 20:40 . 2010-08-03 21:17        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-06 12:08        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 23:09        638336        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 23:09        478720        ----a-w-        c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 23:09        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 23:09        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 23:09        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 23:09        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 23:09        37376        ----a-w-        c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 23:09        258048        ----a-w-        c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 23:09        586240        ----a-w-        c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 23:09        2873344        ----a-w-        c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 23:09        26112        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 23:09        209920        ----a-w-        c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 23:09        98816        ----a-w-        c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 23:09        1554432        ----a-w-        c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 23:09        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 23:09        667648        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 23:09        847360        ----a-w-        c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 23:09        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 23:09        135680        ----a-w-        c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 23:09        979456        ----a-w-        c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 23:09        357376        ----a-w-        c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 23:09        261632        ----a-w-        c:\windows\system32\mfreadwrite.dll
2011-01-20 14:14 . 2011-02-09 23:09        302592        ----a-w-        c:\windows\system32\mfmp4src.dll
2011-01-20 14:12 . 2011-02-09 23:09        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 23:09        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 23:09        683008        ----a-w-        c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 23:09        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 23:09        797184        ----a-w-        c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-09 23:09        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 23:09        292352        ----a-w-        c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 23:10        2039808        ----a-w-        c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-02-08 16:09        413696        ----a-w-        c:\windows\system32\odbc32.dll
2010-12-20 17:09 . 2009-03-16 16:42        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-16 16:42        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-02-08 16:09        1169408        ----a-w-        c:\windows\system32\sdclt.exe
2009-02-24 19:34 . 2009-02-24 19:34        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2011-02-20 14:42        2447360        ----a-w-        c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24        2736736        ----a-w-        c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 15:42        129552        ----a-w-        c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 12889088]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-02 721904]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance        REG_MULTI_SZ          ASBroker ASChannel
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
MSConfigStartUp-AutoRun - c:\program files\BEWERBUNGSMASTER\UpdateCheck_BEWERBUNGSMASTER.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-13 14:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3732)
c:\windows\system32\APSHook.dll
c:\windows\System32\NLSLexicons0007.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-13  14:36:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-13 13:36
.
Vor Suchlauf: 14 Verzeichnis(se), 56.968.085.504 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 56.492.412.928 Bytes frei
.
- - End Of File - - E6F83485ADB818BCFDA01182E7781458

--- --- ---

chenju 13.03.2011 14:47

Last night I also ran SuperAntiSpyware...

Here's the log file:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/13/2011 at 00:03 AM

Application Version : 4.49.1000

Core Rules Database Version : 6584
Trace Rules Database Version: 4396

Scan type : Complete Scan
Total Scan Time : 00:57:29

Memory items scanned : 692
Memory threats detected : 1
Registry items scanned : 8901
Registry threats detected : 23
File items scanned : 42618
File threats detected : 111

Adware.HBHelper
C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL
C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
HKCR\URLSearchHook.ToolbarURLSearchHook.1
HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
HKCR\URLSearchHook.ToolbarURLSearchHook
HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR

Adware.Tracking Cookie
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@atdmt[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@atdmt.combing[2].txt
.divx.112.2o7.net [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zanox.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tradedoubler.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tradedoubler.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tradedoubler.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
eas.apm.emediate.eu [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
eas.apm.emediate.eu [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
rotator.adjuggler.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
rotator.adjuggler.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adsrv.admediate.net [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adsrv.admediate.net [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
tracking.mlsat02.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
rotator.adjuggler.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adsrv.admediate.net [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
m1.webstats.motigo.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.euros4click.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
statse.webtrendslive.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.euros4click.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traffictrack.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traffictrack.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tto2.traffictrack.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
Google [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
Google [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adserver.yopi.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adserver.yopi.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adserver.yopi.de [ C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ad.adition[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ads.creative-serving[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@content.yieldmanager[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@www.xxxmsncam[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@content.yieldmanager[3].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@www.moviepilot[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ad.ad-srv[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ad.adc-serv[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@adfarm1.adition[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ad.yieldmanager[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ad.zanox[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ad2.adfarm1.adition[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ad3.adfarm1.adition[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@adbrite[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@adecn[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@adtech[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@adfarm1.adition[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@adsrv1.admediate[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@atdmt[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@adtech[3].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@adviva[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@adx.chip[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@apmebf[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@atdmt[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@bs.serving-sys[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@collective-media[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@doubleclick[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@countomat[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@digital-eliteboard[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@doubleclick[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@fastclick[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@eas.apm.emediate[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@im.banner.t-online[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@imrworldwide[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@invitemedia[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@kaspersky.122.2o7[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@media6degrees[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@mediabrandsww[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@mediaplex[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@moviepilot[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@paypal.112.2o7[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@revsci[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ru4[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@sega.missioncontrol.global-media[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@serving-sys[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@tracking.quisma[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@smartadserver[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@specificclick[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@statcounter[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@technoratimedia[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@tradedoubler[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@traffictrack[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@tribalfusion[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@unitymedia[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@vodafonegroup.122.2o7[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@webmasterplan[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@ww251.smartadserver[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@www.etracker[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@zedo[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@xxxmsncam[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@zanox-affiliate[1].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@zanox[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@zbox.zanox[1].txt

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

cosinus 13.03.2011 18:45

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online lookup by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Datum>_<Uhrzeit>.txt on the desktop.
Please post the contents of the .txt document for me

chenju 13.03.2011 20:37

GMER log file:
Code:

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-13 20:33:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVS-60RST0 rev.04.01G04
Running: l2ec29w6.exe; Driver: C:\Users\HP\AppData\Local\Temp\pxldipoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwAdjustPrivilegesToken [0x8D927BDC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwAlpcConnectPort [0x8D929538]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwAlpcCreatePort [0x8D92978E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwAlpcSendWaitReceivePort [0x8D929A08]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwClose [0x8D92845C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwConnectPort [0x8D928B3E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateEvent [0x8D928F48]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateFile [0x8D928604]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateMutant [0x8D928E20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateNamedPipeFile [0x8D9277E2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreatePort [0x8D928CDC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateSection [0x8D92799E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateSemaphore [0x8D92907A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateSymbolicLinkObject [0x8D92ACBC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateThread [0x8D9280FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateWaitablePort [0x8D928D7E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwDebugActiveProcess [0x8D92A6AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwDuplicateObject [0x8D92B67E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwFsControlFile [0x8D92875E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwLoadDriver [0x8D92A740]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwMapViewOfSection [0x8D92AD70]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenEvent [0x8D928FEA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenFile [0x8D9284DE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenMutant [0x8D928EB8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenProcess [0x8D927DE2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenSection [0x8D92ACE6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenSemaphore [0x8D92911C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwOpenThread [0x8D927D06]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwQueryDirectoryObject [0x8D929C4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwQuerySection [0x8D92B088]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwQueueApcThread [0x8D92A9D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwReplyPort [0x8D9294A6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwReplyWaitReceivePort [0x8D92936C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwRequestWaitReplyPort [0x8D92A44E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwResumeThread [0x8D92B560]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSecureConnectPort [0x8D928878]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSetContextThread [0x8D928318]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSetInformationToken [0x8D929CFE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSetSecurityObject [0x8D92A83A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSetSystemInformation [0x8D92B1C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSuspendProcess [0x8D92B2AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSuspendThread [0x8D92B3D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwSystemDebugControl [0x8D92A5DA]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                                    ZwTerminateProcess [0x889DD620]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwTerminateThread [0x8D927EB0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwUnmapViewOfSection [0x8D92AF3E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwWriteVirtualMemory [0x8D92803A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                  ZwCreateThreadEx [0x8D9281FA]

INT 0x51        ?                                                                                                    86503F00
INT 0x52        ?                                                                                                    86503F00
INT 0x72        ?                                                                                                    86503F00
INT 0x72        ?                                                                                                    86503F00
INT 0x82        ?                                                                                                    84C87BF8
INT 0x82        ?                                                                                                    84C87BF8
INT 0x82        ?                                                                                                    84C87BF8
INT 0x82        ?                                                                                                    86503F00
INT 0x82        ?                                                                                                    84C87BF8
INT 0x92        ?                                                                                                    84C87BF8
INT 0xA2        ?                                                                                                    84C87BF8
INT 0xB3        ?                                                                                                    86503F00

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 119                                                                        828C889C 4 Bytes  [DC, 7B, 92, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 13D                                                                        828C88C0 8 Bytes  [38, 95, 92, 8D, 8E, 97, 92, ...]
.text          ntkrnlpa.exe!KeSetEvent + 181                                                                        828C8904 4 Bytes  [08, 9A, 92, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 1A9                                                                        828C892C 4 Bytes  [5C, 84, 92, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 1C1                                                                        828C8944 4 Bytes  [3E, 8B, 92, 8D]
.text          ...                                                                                                 
?              System32\Drivers\spuw.sys                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                8CDC641B 5 Bytes  JMP 865034E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                            [8069A6D6] \SystemRoot\System32\Drivers\spuw.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                              [8069A042] \SystemRoot\System32\Drivers\spuw.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                      [8069A800] \SystemRoot\System32\Drivers\spuw.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                            [8069A0C0] \SystemRoot\System32\Drivers\spuw.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                      [8069A13E] \SystemRoot\System32\Drivers\spuw.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                    [806A9E9C] \SystemRoot\System32\Drivers\spuw.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73D77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                  [73DCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]              [73D7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]        [73D6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                  [73D775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73D6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73DA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]      [73D7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]              [73D6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73D6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                [73D671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]        [73DFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73D9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]              [73D6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                        [73D66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73D6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3364] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]          [73D72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                856201F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                  84C891F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                      86637460
Device          \Driver\usbuhci \Device\USBPDO-1                                                                      86637460
Device          \Driver\usbehci \Device\USBPDO-2                                                                      857D41F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                      86637460
Device          \Driver\usbuhci \Device\USBPDO-4                                                                      86637460

AttachedDevice  \Driver\tdx \Device\Tcp                                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                      86637460
Device          \Driver\usbehci \Device\USBPDO-6                                                                      857D41F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                84C891F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{282D793E-70F8-44B9-8057-A70B0178C5BA}                              880F1500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                84C891F8
Device          \Driver\cdrom \Device\CdRom0                                                                          866841F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                          8561E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                                                          8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                    8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                    8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                    8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                    8561E1F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                    8561E1F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel0                                                            8561F1F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel1                                                            8561F1F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel2                                                            8561F1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                              880F1500
Device          \Driver\Smb \Device\NetbiosSmb                                                                        88148500
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                    8668C1F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                      86637460
Device          \Driver\usbuhci \Device\USBFDO-1                                                                      86637460
Device          \Driver\usbehci \Device\USBFDO-2                                                                      857D41F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                      86637460
Device          \Driver\usbuhci \Device\USBFDO-4                                                                      86637460
Device          \Driver\usbuhci \Device\USBFDO-5                                                                      86637460
Device          \Driver\usbehci \Device\USBFDO-6                                                                      857D41F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{00B1434B-7E2A-43E8-8A94-334948CEE41E}                              880F1500
Device          \FileSystem\cdfs \Cdfs                                                                                AAC571F8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                    771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                    285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                     
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

--- --- ---

chenju 13.03.2011 20:48

OSAM log file:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:46:00 on 13.03.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8080.16413

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Cognizance Corporation" - C:\Windows\System32\APSHook.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CognizanceWS" - "Cognizance Corporation" - C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\Settings.dll
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"dtscsi" (dtscsi) - "DT Soft Ltd." - C:\Windows\System32\Drivers\dtscsi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kbdqcygg" (kbdqcygg) - ? - C:\Windows\system32\drivers\kbdqcygg.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"pxldipoc" (pxldipoc) - ? - C:\pxldipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{41E300E0-78B6-11ce-849B-444553540000} "Display Effects CPL Extension" - "Microsoft Corporation" - C:\Windows\system32\themeui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
<binary data> "SpeedBit Video Downloader" - ? - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
<binary data> "{965B54B0-71E0-4611-8DE7-F73FA0B20E26}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtual Keyboard" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe  (File not found)
"PartyPoker.net" - ? - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe  (File not found)
{CCF151D8-D089-449F-A5A4-D9909053F20F} "URLs c&heck" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
<binary data> "SpeedBit Video Downloader" - ? - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
{FF7C3CF0-4B15-11D1-ABED-709549C10000} "GrabberObj Class" - "Speedbit Ltd." - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3017FB3E-9A77-4396-88C5-0EC9548FB42F} "SBCONVERT Class" - ? - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
{389943B0-C3A2-4E69-82CB-8596A84CB3DC} "SearchPredictObj Class" - "Speedbit Ltd." - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "VeriSoft Access Manager" - "Bioscrypt Inc." - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Privoxy.lnk" - "The Privoxy team - www.privoxy.org" - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MsnMsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Vidalia" - ? - "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
"CognizanceTS" - "Cognizance Corporation" - rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
"HP Health Check Scheduler" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"VeriSoft Access Manager" - "Cognizance Corporation" - C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Anmeldesitzungsbroker" (ASBroker) - "Cognizance Corporation" - C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
"Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
"CryptoStorage control service" (CSObjectsSrv) - "Infowatch" - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Kaspersky PURE" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
"Lokaler Verbindungskanal" (ASChannel) - "Cognizance Corporation" - C:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"TVersity Media Server" (TVersityMediaServer) - ? - C:\ProgramData\TVersity\Media Server\MediaServer.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItVCard.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

chenju 13.03.2011 20:50

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6000(KD943EA#ABZ)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 162):
0x8281C000 \SystemRoot\system32\ntkrnlpa.exe
0x82BD6000 \SystemRoot\system32\hal.dll
0x80400000 \SystemRoot\system32\kdcom.dll
0x80407000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80477000 \SystemRoot\system32\PSHED.dll
0x80488000 \SystemRoot\system32\BOOTVID.dll
0x80490000 \SystemRoot\system32\CLFS.SYS
0x804D1000 \SystemRoot\system32\CI.dll
0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80698000 \SystemRoot\System32\Drivers\spuw.sys
0x80799000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x807A2000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x805B1000 \SystemRoot\system32\drivers\acpi.sys
0x807C8000 \SystemRoot\system32\drivers\msisadrv.sys
0x807D0000 \SystemRoot\system32\drivers\pci.sys
0x82E0E000 \SystemRoot\system32\DRIVERS\CSCrySec.sys
0x82E22000 \SystemRoot\System32\drivers\partmgr.sys
0x82E31000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82E34000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82E3E000 \SystemRoot\system32\drivers\volmgr.sys
0x82E4D000 \SystemRoot\System32\drivers\volmgrx.sys
0x82E97000 \SystemRoot\system32\drivers\intelide.sys
0x82E9E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82EAC000 \SystemRoot\System32\drivers\mountmgr.sys
0x82EBC000 \SystemRoot\system32\drivers\atapi.sys
0x82EC4000 \SystemRoot\system32\drivers\ataport.SYS
0x82EE2000 \SystemRoot\system32\drivers\msahci.sys
0x82EEC000 \SystemRoot\system32\drivers\fltmgr.sys
0x82F1E000 \SystemRoot\system32\drivers\fileinfo.sys
0x82F2E000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82F37000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8860A000 \SystemRoot\system32\drivers\ndis.sys
0x88715000 \SystemRoot\system32\drivers\msrpc.sys
0x88740000 \SystemRoot\system32\drivers\NETIO.SYS
0x8880B000 \SystemRoot\System32\drivers\tcpip.sys
0x888F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88A06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88B16000 \SystemRoot\system32\drivers\volsnap.sys
0x88B4F000 \SystemRoot\System32\Drivers\spldr.sys
0x88B57000 \SystemRoot\System32\Drivers\mup.sys
0x88B66000 \SystemRoot\system32\DRIVERS\klbg.sys
0x88B73000 \SystemRoot\System32\drivers\ecache.sys
0x88B9A000 \SystemRoot\system32\drivers\disk.sys
0x88BAB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88BCC000 \SystemRoot\system32\drivers\crcdisk.sys
0x88910000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88BF7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88A00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8891B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88924000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C40C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CD7D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x88933000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CD7F000 \SystemRoot\System32\drivers\watchdog.sys
0x8CD8B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CD96000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CDD4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CE04000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D006000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8D235000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8D24C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8D25C000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D26A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8D284000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8D293000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8D2A7000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8D2F8000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8D2FB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D30B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D312000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D325000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D330000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D360000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D362000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x8D36B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D376000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D38E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D3BD000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CE91000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D000000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0x8CE9C000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8CEA9000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CED3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CEEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CEF5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CF18000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CF27000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CF3B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CF50000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D3FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CF60000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CF6A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CF77000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CFAC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8CFB5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D60E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D7B8000 \SystemRoot\system32\drivers\portcls.sys
0x8CFC6000 \SystemRoot\system32\drivers\drmk.sys
0x8D804000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8D8FB000 \SystemRoot\system32\drivers\modem.sys
0x8D908000 \SystemRoot\system32\DRIVERS\klif.sys
0x8D959000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D962000 \SystemRoot\System32\Drivers\Null.SYS
0x8D969000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D970000 \SystemRoot\System32\drivers\vga.sys
0x8D97C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D99D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D9A5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D9AD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D9B8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D9C6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D9CF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DA07000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8DF27000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8DF3E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8DF5F000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DF73000 \SystemRoot\system32\drivers\afd.sys
0x8DFBB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D9E5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DFED000 \SystemRoot\system32\DRIVERS\klim6.sys
0x8D7E5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DFF4000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8DFF6000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x8CFEB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x889D3000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8DA00000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8877B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D7F3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CDE3000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D600000 \SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys
0x88BD5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C400000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x88BE2000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x936D0000 \SystemRoot\System32\win32k.sys
0x88BEC000 \SystemRoot\System32\drivers\Dxapi.sys
0x887B7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x938F0000 \SystemRoot\System32\TSDDD.dll
0x93910000 \SystemRoot\System32\cdd.dll
0x887C6000 \SystemRoot\system32\drivers\luafv.sys
0x9A40F000 \SystemRoot\system32\drivers\spsys.sys
0x9A4BF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A4CF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A4F9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A503000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A516000 \SystemRoot\system32\drivers\HTTP.sys
0x9A583000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A5A0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A5B9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A5CE000 \SystemRoot\system32\drivers\mrxdav.sys
0x887E1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x82FA8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x82FE1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B400000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B428000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B48E000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9B497000 \SystemRoot\system32\drivers\peauth.sys
0x9B575000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B57F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B58D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9B5A3000 \??\C:\Users\HP\AppData\Local\Temp\pxldipoc.sys
0x77120000 \Windows\System32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
524 C:\Windows\System32\smss.exe
592 csrss.exe
644 C:\Windows\System32\wininit.exe
656 csrss.exe
688 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\nvvsvc.exe
984 C:\Windows\System32\winlogon.exe
1020 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\audiodg.exe
1308 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\SLsvc.exe
1408 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\nvvsvc.exe
1648 C:\Windows\System32\svchost.exe
1868 C:\Windows\System32\spoolsv.exe
1904 C:\Windows\System32\svchost.exe
540 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
1656 C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
1576 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
872 C:\ProgramData\TVersity\Media Server\MediaServer.exe
2068 C:\Windows\System32\svchost.exe
2164 C:\Windows\System32\SearchIndexer.exe
2256 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2600 C:\Windows\System32\taskeng.exe
3264 C:\Windows\System32\dwm.exe
3276 C:\Windows\System32\taskeng.exe
3364 C:\Windows\explorer.exe
2160 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2744 C:\Program Files\HP\QuickPlay\QPService.exe
1684 C:\Windows\RtHDVCpl.exe
1784 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3324 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4020 C:\Windows\ehome\ehtray.exe
3176 C:\Program Files\Windows Media Player\wmpnscfg.exe
3580 C:\Program Files\Windows Media Player\wmpnetwk.exe
3080 C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
3796 C:\Windows\ehome\ehmsas.exe
2644 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1420 C:\Windows\System32\svchost.exe
1892 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3332 C:\Program Files\Internet Explorer\iexplore.exe
1064 C:\Program Files\Internet Explorer\iexplore.exe
3488 C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
3076 C:\Windows\System32\SearchFilterHost.exe
3784 C:\Program Files\Internet Explorer\iexplore.exe
812 C:\Windows\System32\SearchProtocolHost.exe
2116 C:\Users\HP\Desktop\MBRCheck.exe
3216 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`62225800 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 14.03.2011 09:47

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

chenju 14.03.2011 10:02

According to the tool, no infections were found.
Here is the report:

2011/03/14 09:59:11.0805 5592 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/14 09:59:12.0366 5592 ================================================================================
2011/03/14 09:59:12.0366 5592 SystemInfo:
2011/03/14 09:59:12.0366 5592
2011/03/14 09:59:12.0366 5592 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/14 09:59:12.0366 5592 Product type: Workstation
2011/03/14 09:59:12.0366 5592 ComputerName: HP-PC
2011/03/14 09:59:12.0366 5592 UserName: HP
2011/03/14 09:59:12.0366 5592 Windows directory: C:\Windows
2011/03/14 09:59:12.0366 5592 System windows directory: C:\Windows
2011/03/14 09:59:12.0366 5592 Processor architecture: Intel x86
2011/03/14 09:59:12.0366 5592 Number of processors: 2
2011/03/14 09:59:12.0366 5592 Page size: 0x1000
2011/03/14 09:59:12.0366 5592 Boot type: Normal boot
2011/03/14 09:59:12.0366 5592 ================================================================================
2011/03/14 09:59:13.0505 5592 Initialize success
2011/03/14 09:59:30.0540 6096 ================================================================================
2011/03/14 09:59:30.0540 6096 Scan started
2011/03/14 09:59:30.0540 6096 Mode: Manual;
2011/03/14 09:59:30.0540 6096 ================================================================================
2011/03/14 09:59:32.0147 6096 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/14 09:59:32.0319 6096 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/14 09:59:32.0366 6096 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/14 09:59:32.0412 6096 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/14 09:59:32.0459 6096 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/14 09:59:32.0584 6096 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/14 09:59:32.0631 6096 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/14 09:59:32.0662 6096 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/14 09:59:32.0709 6096 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/14 09:59:32.0756 6096 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/14 09:59:32.0787 6096 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/14 09:59:32.0834 6096 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/14 09:59:32.0865 6096 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/14 09:59:32.0912 6096 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/14 09:59:32.0958 6096 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/14 09:59:33.0052 6096 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/14 09:59:33.0161 6096 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/03/14 09:59:33.0239 6096 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/14 09:59:33.0286 6096 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/14 09:59:33.0302 6096 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/14 09:59:33.0364 6096 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/14 09:59:33.0395 6096 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/14 09:59:33.0426 6096 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/14 09:59:33.0473 6096 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/14 09:59:33.0520 6096 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/14 09:59:33.0551 6096 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/14 09:59:33.0598 6096 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/14 09:59:33.0676 6096 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/14 09:59:33.0754 6096 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/14 09:59:33.0801 6096 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/14 09:59:33.0894 6096 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/14 09:59:33.0972 6096 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/14 09:59:34.0019 6096 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/14 09:59:34.0050 6096 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/14 09:59:34.0082 6096 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/14 09:59:34.0128 6096 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/14 09:59:34.0238 6096 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\Windows\system32\DRIVERS\CSCrySec.sys
2011/03/14 09:59:34.0300 6096 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
2011/03/14 09:59:34.0550 6096 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/14 09:59:34.0628 6096 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/14 09:59:34.0706 6096 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/14 09:59:34.0784 6096 dtscsi (6461e57bb51a848aae26f52427b7cf9e) C:\Windows\System32\Drivers\dtscsi.sys
2011/03/14 09:59:34.0877 6096 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/14 09:59:34.0955 6096 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/14 09:59:35.0018 6096 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
2011/03/14 09:59:35.0127 6096 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/03/14 09:59:35.0205 6096 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/14 09:59:35.0283 6096 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/14 09:59:35.0392 6096 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/03/14 09:59:35.0470 6096 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/03/14 09:59:35.0501 6096 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/14 09:59:35.0579 6096 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/14 09:59:35.0595 6096 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/14 09:59:35.0642 6096 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/14 09:59:35.0720 6096 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/03/14 09:59:35.0766 6096 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/14 09:59:35.0798 6096 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/14 09:59:35.0860 6096 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/03/14 09:59:35.0922 6096 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/14 09:59:36.0016 6096 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/14 09:59:36.0078 6096 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/14 09:59:36.0110 6096 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/14 09:59:36.0172 6096 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/14 09:59:36.0219 6096 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/14 09:59:36.0344 6096 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/14 09:59:36.0375 6096 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/14 09:59:36.0422 6096 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/14 09:59:36.0468 6096 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/14 09:59:36.0531 6096 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/14 09:59:36.0656 6096 IntcAzAudAddService (8d7eb1fd498fd0a34c95a298685ec1c7) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/14 09:59:36.0765 6096 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/14 09:59:36.0780 6096 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/14 09:59:36.0827 6096 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/14 09:59:36.0905 6096 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/14 09:59:36.0936 6096 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/14 09:59:36.0968 6096 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/14 09:59:36.0999 6096 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/14 09:59:37.0077 6096 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/14 09:59:37.0124 6096 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/14 09:59:37.0170 6096 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/14 09:59:37.0202 6096 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/14 09:59:37.0295 6096 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/14 09:59:37.0404 6096 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
2011/03/14 09:59:37.0451 6096 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\DRIVERS\klbg.sys
2011/03/14 09:59:37.0514 6096 KLIF (723f185c945c0a6d2e21c2bb26a46fe7) C:\Windows\system32\DRIVERS\klif.sys
2011/03/14 09:59:37.0545 6096 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
2011/03/14 09:59:37.0576 6096 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/03/14 09:59:37.0670 6096 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/14 09:59:37.0763 6096 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/14 09:59:37.0826 6096 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/14 09:59:37.0857 6096 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/14 09:59:37.0919 6096 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/14 09:59:37.0966 6096 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/14 09:59:38.0044 6096 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
2011/03/14 09:59:38.0091 6096 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/14 09:59:38.0153 6096 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/14 09:59:38.0200 6096 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/14 09:59:38.0247 6096 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/14 09:59:38.0294 6096 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/14 09:59:38.0325 6096 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/14 09:59:38.0372 6096 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/14 09:59:38.0418 6096 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/14 09:59:38.0465 6096 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/14 09:59:38.0496 6096 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/14 09:59:38.0574 6096 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/14 09:59:38.0652 6096 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/14 09:59:38.0699 6096 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/14 09:59:38.0777 6096 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/14 09:59:38.0855 6096 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/03/14 09:59:38.0902 6096 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/14 09:59:38.0949 6096 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/14 09:59:38.0996 6096 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/14 09:59:39.0042 6096 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/14 09:59:39.0105 6096 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/14 09:59:39.0136 6096 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/14 09:59:39.0214 6096 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/03/14 09:59:39.0245 6096 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/14 09:59:39.0276 6096 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/14 09:59:39.0308 6096 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/03/14 09:59:39.0417 6096 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/14 09:59:39.0526 6096 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/03/14 09:59:39.0573 6096 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/14 09:59:39.0604 6096 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/14 09:59:39.0682 6096 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/14 09:59:39.0713 6096 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/14 09:59:39.0760 6096 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/14 09:59:39.0838 6096 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/14 09:59:39.0978 6096 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/03/14 09:59:40.0150 6096 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/03/14 09:59:40.0275 6096 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/14 09:59:40.0353 6096 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/03/14 09:59:40.0384 6096 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/14 09:59:40.0493 6096 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/03/14 09:59:40.0556 6096 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/14 09:59:40.0602 6096 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/14 09:59:40.0977 6096 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/14 09:59:41.0351 6096 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/14 09:59:41.0382 6096 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/14 09:59:41.0429 6096 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/14 09:59:41.0632 6096 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/14 09:59:41.0710 6096 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/14 09:59:41.0788 6096 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/03/14 09:59:41.0835 6096 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/14 09:59:41.0928 6096 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/03/14 09:59:41.0975 6096 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/03/14 09:59:42.0084 6096 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/14 09:59:42.0178 6096 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/14 09:59:42.0521 6096 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/14 09:59:42.0584 6096 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/14 09:59:42.0708 6096 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/14 09:59:42.0755 6096 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/14 09:59:42.0849 6096 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/14 09:59:42.0974 6096 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/14 09:59:43.0036 6096 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/14 09:59:43.0067 6096 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/14 09:59:43.0114 6096 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/14 09:59:43.0192 6096 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/14 09:59:43.0270 6096 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/14 09:59:43.0332 6096 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/14 09:59:43.0379 6096 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/14 09:59:43.0426 6096 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/14 09:59:43.0457 6096 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/14 09:59:43.0504 6096 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/03/14 09:59:43.0598 6096 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/03/14 09:59:43.0629 6096 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/03/14 09:59:43.0660 6096 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/03/14 09:59:43.0722 6096 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/14 09:59:43.0785 6096 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/03/14 09:59:43.0863 6096 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/14 09:59:43.0894 6096 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/14 09:59:43.0941 6096 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/14 09:59:44.0034 6096 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/14 09:59:44.0066 6096 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/14 09:59:44.0128 6096 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/14 09:59:44.0159 6096 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/14 09:59:44.0190 6096 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/14 09:59:44.0237 6096 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/14 09:59:44.0284 6096 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/14 09:59:44.0315 6096 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/14 09:59:44.0362 6096 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/14 09:59:44.0424 6096 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/14 09:59:44.0456 6096 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/14 09:59:44.0502 6096 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/14 09:59:44.0596 6096 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/14 09:59:44.0674 6096 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/03/14 09:59:44.0783 6096 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/14 09:59:44.0861 6096 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/03/14 09:59:44.0861 6096 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/03/14 09:59:44.0877 6096 sptd - detected Locked file (1)
2011/03/14 09:59:44.0939 6096 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/03/14 09:59:45.0002 6096 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/14 09:59:45.0033 6096 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/14 09:59:45.0111 6096 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/03/14 09:59:45.0204 6096 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/14 09:59:45.0251 6096 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/14 09:59:45.0282 6096 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/14 09:59:45.0314 6096 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/14 09:59:45.0376 6096 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/14 09:59:45.0501 6096 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/03/14 09:59:45.0579 6096 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/14 09:59:45.0657 6096 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/14 09:59:45.0704 6096 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/14 09:59:45.0750 6096 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/14 09:59:45.0813 6096 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/14 09:59:45.0891 6096 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/14 09:59:45.0953 6096 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/14 09:59:46.0000 6096 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/14 09:59:46.0078 6096 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/14 09:59:46.0125 6096 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/14 09:59:46.0203 6096 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/14 09:59:46.0265 6096 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/14 09:59:46.0312 6096 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/14 09:59:46.0359 6096 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/14 09:59:46.0406 6096 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/14 09:59:46.0452 6096 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/14 09:59:46.0562 6096 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/03/14 09:59:46.0624 6096 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/14 09:59:46.0671 6096 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/14 09:59:46.0718 6096 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/14 09:59:46.0796 6096 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/14 09:59:46.0842 6096 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/14 09:59:46.0889 6096 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/14 09:59:46.0967 6096 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/14 09:59:47.0030 6096 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/14 09:59:47.0061 6096 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/14 09:59:47.0123 6096 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/14 09:59:47.0170 6096 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/14 09:59:47.0217 6096 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/14 09:59:47.0264 6096 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/14 09:59:47.0295 6096 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/14 09:59:47.0342 6096 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/14 09:59:47.0388 6096 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/14 09:59:47.0466 6096 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/14 09:59:47.0544 6096 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/14 09:59:47.0576 6096 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/14 09:59:47.0669 6096 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/14 09:59:47.0700 6096 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/14 09:59:47.0732 6096 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/14 09:59:47.0794 6096 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/14 09:59:47.0841 6096 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/14 09:59:47.0981 6096 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/14 09:59:48.0106 6096 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/14 09:59:48.0184 6096 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/14 09:59:48.0262 6096 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/14 09:59:48.0340 6096 ================================================================================
2011/03/14 09:59:48.0340 6096 Scan finished
2011/03/14 09:59:48.0340 6096 ================================================================================
2011/03/14 09:59:48.0356 6052 Detected object count: 1
2011/03/14 10:00:05.0235 6052 Locked file(sptd) - User select action: Skip

cosinus 14.03.2011 10:51

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

chenju 14.03.2011 16:00

Hey cosinus, the scans are done, here are the results:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6048

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

14.03.2011 13:11:09
mbam-log-2011-03-14 (13-11-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 371486
Laufzeit: 1 Stunde(n), 58 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/14/2011 at 03:55 PM

Application Version : 4.49.1000

Core Rules Database Version : 6586
Trace Rules Database Version: 4398

Scan type : Complete Scan
Total Scan Time : 02:37:40

Memory items scanned : 660
Memory threats detected : 0
Registry items scanned : 8975
Registry threats detected : 0
File items scanned : 220439
File threats detected : 2

Adware.Tracking Cookie
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@atdmt[2].txt
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@atdmt.combing[2].txt


What should I do now?

cosinus 14.03.2011 16:15

Looks OK, only cookies were found.
Any more problems or further findings in the meantime?

chenju 14.03.2011 17:47

Except that my computer sometimes seems slower..
Or like just now when I switched it on and it didn't boot and couldn't be shut down any more; I pulled the battery because it had completely frozen..
But after that it worked and I immediately did another restart..
But my problem still exists, as I described in my first post and showed in the picture.
So this problem persists =/

cosinus 14.03.2011 18:44

Check in Computer Management under Services whether the Themes service is running and set to Automatic. If not, set the startup type to Automatic and start the service.
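The same check done from a PowerShell prompt, added here as an example; it is not part of cosinus's post or of any tool named in the thread. It assumes PowerShell 2.0 or later is installed (Vista does not ship it by default) and an elevated prompt. Beyond the post, it also looks at the Desktop Window Manager Session Manager service (UxSms), which Aero depends on, and warns if either service's image path is not the expected svchost.exe in System32, since a service pointing elsewhere is something worth looking at on a machine with this history.

```powershell
# Added example (not from the thread): verify the Themes service as the post
# describes, plus UxSms (Desktop Window Manager Session Manager), which Aero needs.
# Run from an elevated PowerShell prompt ("Run as administrator").
# Win32_Service is used because its StartMode property exists in PowerShell 2.0;
# Get-Service only gained StartType in PowerShell 5.

$services = 'Themes', 'UxSms'
$expectedImage = Join-Path $env:SystemRoot 'System32\svchost.exe'

foreach ($name in $services) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) {
        Write-Warning "Service $name not found"
        continue
    }

    "{0,-7} State={1,-8} StartMode={2,-8} Path={3}" -f `
        $svc.Name, $svc.State, $svc.StartMode, $svc.PathName

    # Both services are hosted by svchost.exe from System32; anything else is odd.
    if (-not $svc.PathName.ToLower().StartsWith($expectedImage.ToLower())) {
        Write-Warning "$name runs from an unexpected image: $($svc.PathName)"
    }

    # First check from the post: startup type should be Automatic.
    if ($svc.StartMode -ne 'Auto') {
        Set-Service -Name $name -StartupType Automatic
        "  -> $name startup type set to Automatic"
    }

    # Second check from the post: the service should be running.
    if ($svc.State -ne 'Running') {
        Start-Service -Name $name
        "  -> $name started"
    }
}
```

If both services are already Automatic and Running with the expected image path, as chenju reports two posts later, the script changes nothing and prints only the status lines.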

chenju 14.03.2011 18:48

Yes, it's set to Automatic... should I stop it and restart it?

chenju 14.03.2011 18:53

OK, just did that, but it didn't help.

cosinus 14.03.2011 18:56

Since when exactly has it been like this with the window appearance/themes? Anything changed on the system, any "tuning" measures carried out or anything similar installed?

chenju 14.03.2011 19:09

About 3 months ago I gave my computer to my cousin's boyfriend because I'd already had problems before, namely I could only start my laptop in safe mode and somehow tried on my own to get it working again.. at some point the screen was just completely black.. otherwise it always said to insert the CD if one is available.. but none was supplied with it.. anyway, he had it for just under a month and wanted to put XP on it when he got back to my hard drive.. but I asked him to restore everything because I actually wanted Vista, i.e. the way it was before... he managed that too.... yeah, and he warned me and told me to be careful about what I download, and if something is unsafe not to download it under any circumstances, and so on,... but then I forgot the password for my YouTube account and that's when it started.. I downloaded every piece of junk ..password crackers and stuff like that.. there was often also a warning from my antivirus program that the file is dangerous etc.. but I think sometimes I downloaded and installed it anyway..
Well, meanwhile I have a new account.. the email address I once had no longer exists, so there's no way to get at the password..
But everything was still running fine and I always uninstalled and deleted the things right away...

Two other things that are still strange: in Control Panel under Programs I can't uninstall the Softonic toolbar.. and I once tried to install my Canon scanner on my laptop with Vista and downloaded a driver, but it didn't work because it only runs under XP.. and I can't get this driver out of Control Panel/Programs either..

Otherwise I haven't really done anything!

chenju 14.03.2011 19:10

Oh, and it's been like this for about 3 weeks.

cosinus 14.03.2011 19:16

Quote:

I downloaded every piece of junk ..password crackers and stuff like that.. there was often also a warning from my antivirus program that the file is dangerous etc.. but I think sometimes I downloaded and installed it anyway..
Nothing surprises me any more then; the system is broken.
Why don't you actually have a Windows DVD? Doesn't the manual say that you have to burn recovery media?

chenju 14.03.2011 19:25

My laptop is from India with German Vista software..
The user manual wasn't in German.. so I couldn't read it either..
My cousin's boyfriend only told me I'd have to buy one.
Can you buy something like that afterwards?
Or can anything be done at all? Possibly without spending money?

cosinus 14.03.2011 19:28

There's a licence sticker with the Windows key on the bottom of the notebook. You can also use this key with a perfectly normal Windows installation DVD; you just have to borrow a suitable DVD.

This is the DVD you need => Windows Vista Home Premium Edition

chenju 14.03.2011 19:30

I've already looked on eBay .. but there were only ones for Sony and Fujitsu Siemens etc... none for HP.... or doesn't that matter? Or is there a neutral one that works for all of them?

And would it even help if I did that?

cosinus 14.03.2011 19:35

Maybe first check whether there even is a licence sticker on the bottom? What good is a bare DVD if you don't have a key? None at all.

chenju 14.03.2011 19:36

Yes, a product key and a few other numbers are on there!

Can't you download something like that online somehow?

cosinus 14.03.2011 19:41

Does it also say Windows Vista on it, or a different Windows?

chenju 14.03.2011 19:43

windows vista home premium OEMAct
and the key below it

cosinus 14.03.2011 19:54

Vista can't be obtained legally as an ISO image. Borrow a DVD from a friend.
If nobody has a DVD, it means buying Windows again (Windows 7), or you switch to an alternative operating system: Linux.

chenju 14.03.2011 19:57

Okay. Thanks. I'll think it over...
At least my laptop is clean now =)
Even if the window appearance thing didn't work..
Maybe I'll get Windows 7...
Many, many thanks anyway for everything...

chenju 14.03.2011 19:59

Oh, and by the way, my whole D drive is called RECOVERY. Can I maybe do something with that? Or could that already be infected?

cosinus 14.03.2011 20:05

If you still have this recovery partition, you may still be able to burn recovery media from it. But it's not a clean reinstall, since the bad habit of integrating completely useless programs into it has spread among manufacturers. So after recovering you're pretty busy uninstalling junk tools.

chenju 14.03.2011 20:09

Ah, then I'd rather not.. too much work for me.. I'll probably get Windows 7!
Okay, all right..
Then we're done.. thanks, thanks, thanks for your help ..
I'll probably start a thread more often =) I should have done that back then.. but didn't think of it at the time, oh well =)

cosinus 14.03.2011 20:18

As I said, borrowing a Vista DVD also works. Or you take Linux :pfeiff:


Copyright ©2000-2025, Trojaner-Board