Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   No more access to file system/desktop after Windows Recovery infection (https://www.trojaner-board.de/96956-windows-recovery-befall-kein-zugriff-mehr-dateisystem-desktop.html)

chris7000 29.03.2011 18:04

No more access to file system/desktop after Windows Recovery infection
 
Hello, since the malware infection I can no longer access my files. The folders are empty, and so is the desktop.

Malwarebytes has hopefully already removed the pest; I also have OTL logs. This is my first time here, so please tell me if information is missing or if I'm in the wrong place.

Here are the logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6170

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.03.2011 07:50:18
mbam-log-2011-03-26 (07-50-18).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 779367
Time elapsed: 9 hour(s), 15 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sSqKxkRRLjU (Trojan.FakeAlert) -> Value: sSqKxkRRLjU -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\ssqkxkrrlju.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\42524424.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\cm\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\LNKYLMAL\elxpywfuiljpymkm[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I think the OTL logs are too big to post here; I'd rather send them to someone by email, or maybe as a .zip?

I'm open to any advice and would be glad to get my machine working again.

Best regards, Chris7000

cosinus 29.03.2011 19:39

Are there any other Malwarebytes logs? If so, please post all of them that are shown in Malwarebytes under the Logs tab.

chris7000 29.03.2011 20:01

Thanks already for the help; a few more details. I made the folders visible again via the Control Panel, but they now appear dimmed. I'm currently running unhide.exe over C:. I tried System Restore several times; it never worked.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6170

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.03.2011 07:50:18
mbam-log-2011-03-26 (07-50-18).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 779367
Time elapsed: 9 hour(s), 15 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sSqKxkRRLjU (Trojan.FakeAlert) -> Value: sSqKxkRRLjU -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\ssqkxkrrlju.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\42524424.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\cm\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\LNKYLMAL\elxpywfuiljpymkm[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6170

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.03.2011 08:42:27
mbam-log-2011-03-26 (08-42-27).txt

Scan type: Quick scan
Objects scanned: 161374
Time elapsed: 16 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

unhide is still running..........................

chris7000 29.03.2011 20:12

unhide isn't finished yet, but the folders on the desktop look fine again and are no longer marked as "empty" on mouse-over.
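The `unhide.exe` step in this thread clears the Hidden attribute that the Rogue.FakeHDD rogue ("Windows Recovery") set on the user's files and folders; that attribute is why the folders looked empty, and why they appeared dimmed once hidden files were shown in the Control Panel. The script below is an added example of the same clean-up, not a tool from this thread and not unhide.exe; it is written in PowerShell 2.0 syntax (Vista did not ship with PowerShell, but 2.0 can be installed from the Windows Management Framework). The `$Root` default, the `$keepHidden` list and the `-DryRun` switch are my assumptions: it only touches the user profile, and it leaves the items Windows keeps hidden by design alone.

```powershell
# Added example (not from the thread): clear the Hidden attribute the rogue set
# on files and folders under the user profile. Run from an elevated PowerShell.
# Assumptions (mine): the rogue only hid items under $Root, and the names in
# $keepHidden are the only items there that are legitimately hidden.
param(
    [string]$Root = $env:USERPROFILE,   # do NOT point this at C:\ without extending $keepHidden
    [switch]$DryRun                     # list what would change, change nothing
)

# Hidden by design on a Vista profile; must stay hidden.
$keepHidden = @('desktop.ini', 'ntuser.dat', 'ntuser.ini', 'ntuser.dat.LOG1', 'ntuser.dat.LOG2',
                'AppData', 'Application Data', 'Local Settings', 'Thumbs.db')

$hiddenBit = [int][IO.FileAttributes]::Hidden
$linkBit   = [int][IO.FileAttributes]::ReparsePoint
$fixed     = 0

Get-ChildItem -LiteralPath $Root -Force -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $attr = [int]$_.Attributes
        # Skip junctions/symlinks (the XP-compatibility links in a Vista profile),
        # anything that is not hidden, the by-design list and everything under AppData.
        (($attr -band $linkBit) -eq 0) -and
        (($attr -band $hiddenBit) -ne 0) -and
        ($keepHidden -notcontains $_.Name) -and
        ($_.FullName -notmatch '\\AppData\\')
    } |
    ForEach-Object {
        if ($DryRun) {
            Write-Output ("would unhide: " + $_.FullName)
        } else {
            # Clear only the Hidden bit; every other attribute (ReadOnly, Archive...) stays.
            $_.Attributes = ([int]$_.Attributes) -band (-bnot $hiddenBit)
            $fixed++
        }
    }

Write-Output "Cleared Hidden on $fixed item(s) under $Root"
```

Run it once with `-DryRun` and read the list before letting it change anything; if the rogue also hid items outside the profile (the thread runs unhide over all of C:), extend `$keepHidden` with the system drive's legitimately hidden entries before widening `$Root`.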

cosinus 29.03.2011 20:12

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{84edab05-6edf-11de-ab21-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{84edab05-6edf-11de-ab21-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.03.26 15:08:42 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2011.03.25 19:03:17 | 000,000,392 | -H-- | M] () -- C:\ProgramData\42524424
[2011.03.25 18:58:48 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42524424r
[2011.03.25 18:58:48 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~42524424
[2011.03.25 18:46:40 | 000,000,585 | -H-- | M] () -- C:\Users\cm\Desktop\Windows Recovery.lnk
[2011.03.25 18:47:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42524424r
[2011.03.25 18:46:56 | 000,000,080 | -H-- | C] () -- C:\ProgramData\~42524424
[2011.03.25 18:46:40 | 000,000,585 | -H-- | C] () -- C:\Users\cm\Desktop\Windows Recovery.lnk
[2011.03.25 18:46:35 | 000,000,392 | -H-- | C] () -- C:\ProgramData\42524424
[2009.02.14 14:25:18 | 000,087,608 | -H-- | C] () -- C:\Users\cm\AppData\Roaming\inst.exe
@Alternate Data Stream - 35 bytes -> C:\Windows\System32:a292a4c2.zreglib
@Alternate Data Stream - 24 bytes -> C:\Windows:B291B9267092432E
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.
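The fix above removes three kinds of foothold and then resets the hosts file: an AutoRun command under HKCU MountPoints2 that runs `G:\LaunchU3.exe` when that USB stick is plugged in, the rogue's hidden files in `C:\ProgramData` (the `42524424` set), and two alternate data streams on the `C:\Windows` and `C:\Windows\System32` directories. The script below is an added triage example written for this thread, not part of OTL or of its fix log: it reports those same items, plus the `DisableTaskMgr` and `EnableLUA` policy values that show up in the logs on this page, without changing anything, so it can be run before and after a fix. The function names, the "hidden top-level file in ProgramData" heuristic and the `dir /r` fallback for PowerShell versions below 3.0 are my assumptions.

```powershell
# Added example (not from the thread or from OTL): read-only triage of the
# persistence and tamper points the OTL fix above addresses. PowerShell 2.0 syntax.

function Get-AdsOnItem([string]$Path) {
    # Alternate data streams on a file or directory. PowerShell 3.0+ exposes them via
    # -Stream; older versions fall back to "dir /r", which lists streams since Vista.
    if ($PSVersionTable -ne $null -and $PSVersionTable.PSVersion.Major -ge 3) {
        Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { "${Path}:$($_.Stream)" }
    } else {
        $parent  = Split-Path -Parent $Path
        $leaf    = Split-Path -Leaf $Path
        # Stream lines in "dir /r" look like:  <size> <name>:<stream>:$DATA
        $pattern = '^\s+\S+\s+' + [regex]::Escape($leaf) + ':(.+):\$DATA\s*$'
        cmd /c "dir /r /a `"$parent`"" 2>$null | ForEach-Object {
            if ($_ -match $pattern) { "${Path}:$($matches[1])" }
        }
    }
}

function Get-MountPointAutoRun {
    # Per-volume AutoRun commands cached by Explorer (the O33 lines in the OTL fix).
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = $_.PSPath + '\Shell\AutoRun\command'
        if (Test-Path -LiteralPath $cmdKey) {
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            New-Object PSObject -Property @{ Key = $_.PSChildName; Command = $cmd }
        }
    }
}

function Get-HiddenProgramDataFiles {
    # Heuristic (my assumption): legitimate software rarely drops hidden *files*
    # directly into ProgramData; the rogue's 42524424 / ~42524424 markers were such files.
    $hiddenBit = [int][IO.FileAttributes]::Hidden
    Get-ChildItem -LiteralPath $env:ProgramData -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and (([int]$_.Attributes -band $hiddenBit) -ne 0) } |
        ForEach-Object { $_.FullName }
}

function Get-PolicyValues {
    # DisableTaskMgr (PUM flagged by Malwarebytes) and EnableLUA (UAC; 0 = off).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    foreach ($name in @('DisableTaskMgr', 'EnableLUA')) {
        $v = $null
        if ($p -ne $null) { $v = $p.$name }
        New-Object PSObject -Property @{ Name = $name; Value = $v }
    }
}

function Get-HostsOverrides {
    # Any address line in the hosts file other than the default localhost entries.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
        Where-Object { ($_ -match '^\s*[0-9a-fA-F:.]+\s+\S') -and
                       ($_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') }
}

Write-Output '== Alternate data streams on the Windows directories =='
foreach ($dir in @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'))) { Get-AdsOnItem $dir }
Write-Output '== MountPoints2 AutoRun commands (HKCU) =='
Get-MountPointAutoRun | Format-Table Key, Command -AutoSize | Out-String
Write-Output '== Hidden top-level files in ProgramData =='
Get-HiddenProgramDataFiles
Write-Output '== Policy values =='
Get-PolicyValues | Format-Table Name, Value -AutoSize | Out-String
Write-Output '== hosts entries other than localhost =='
Get-HostsOverrides
```

Run it from the user account that was infected (MountPoints2 lives under HKCU, so another account sees different keys), compare the output with the fix log, and treat anything still listed after the fix as a leftover to report rather than something to remove by hand; the backup in `_OTL` is what makes the fix reversible.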

chris7000 29.03.2011 20:13

Under All Programs everything seems to be OK again too......................

cosinus 29.03.2011 20:14

After unhide, please run the OTL fix mentioned above!

chris7000 29.03.2011 20:34

Hi Arne,

here is the log:

C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84edab05-6edf-11de-ab21-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84edab05-6edf-11de-ab21-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84edab05-6edf-11de-ab21-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84edab05-6edf-11de-ab21-806e6f6e6963}\ not found.
File G:\LaunchU3.exe -a not found.
C:\Windows\S.dirmngr moved successfully.
C:\ProgramData\42524424 moved successfully.
C:\ProgramData\~42524424r moved successfully.
C:\ProgramData\~42524424 moved successfully.
C:\Users\cm\Desktop\Windows Recovery.lnk moved successfully.
File C:\ProgramData\~42524424r not found.
File C:\ProgramData\~42524424 not found.
File C:\Users\cm\Desktop\Windows Recovery.lnk not found.
File C:\ProgramData\42524424 not found.
C:\Users\cm\AppData\Roaming\inst.exe moved successfully.
ADS C:\Windows\System32:a292a4c2.zreglib deleted successfully.
ADS C:\Windows:B291B9267092432E deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: cm
->Temp folder emptied: 877489677 bytes
->Temporary Internet Files folder emptied: 27711928 bytes
->Java cache emptied: 14076954 bytes
->FireFox cache emptied: 58124027 bytes
->Google Chrome cache emptied: 6796039 bytes
->Flash cache emptied: 11396 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1497894 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2458774 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 942,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03292011_211847

Files\Folders moved on Reboot...
C:\Users\cm\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...




One more question: can I somehow avoid such a drive-by installation? If so, how?

cosinus 30.03.2011 09:06

Quote:

can I somehow avoid such a drive-by installation? If so, how?
http://de.wikipedia.org/wiki/Drive-by-Download

"To protect against unwanted drive-by downloads it helps to always use the current version of the browser and to keep plugins such as Flash Player and Adobe Reader up to date. [11] In some cases, especially in commercial environments, these scripting languages are also disabled or filtered at the IT administration level. A further measure consists of browser plugins that allow scripts only after approval by the user, such as NoScript or FlashBlock for Firefox."

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). The file can also be found at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

chris7000 30.03.2011 21:15

Hello,

here is the cofi log:

ComboFix log file:
Code:

ComboFix 11-03-29.06 - cm 30.03.2011  21:56:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3038.1790 [GMT 2:00]
Running from:: c:\cofi\ComboFix.exe
Command switches used :: ComboFix
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\My.ini
c:\windows\system32\bin
c:\windows\system32\bin\appletviewer.exe
c:\windows\system32\bin\apt.exe
c:\windows\system32\bin\beanreg.dll
c:\windows\system32\bin\extcheck.exe
c:\windows\system32\bin\HtmlConverter.exe
c:\windows\system32\bin\idlj.exe
c:\windows\system32\bin\jar.exe
c:\windows\system32\bin\jarsigner.exe
c:\windows\system32\bin\java-rmi.exe
c:\windows\system32\bin\java.exe
c:\windows\system32\bin\javac.exe
c:\windows\system32\bin\javadoc.exe
c:\windows\system32\bin\javah.exe
c:\windows\system32\bin\javap.exe
c:\windows\system32\bin\javaw.exe
c:\windows\system32\bin\javaws.exe
c:\windows\system32\bin\jconsole.exe
c:\windows\system32\bin\jdb.exe
c:\windows\system32\bin\jhat.exe
c:\windows\system32\bin\jinfo.exe
c:\windows\system32\bin\jli.dll
c:\windows\system32\bin\jmap.exe
c:\windows\system32\bin\jps.exe
c:\windows\system32\bin\jrunscript.exe
c:\windows\system32\bin\jstack.exe
c:\windows\system32\bin\jstat.exe
c:\windows\system32\bin\jstatd.exe
c:\windows\system32\bin\jvisualvm.exe
c:\windows\system32\bin\keytool.exe
c:\windows\system32\bin\kinit.exe
c:\windows\system32\bin\klist.exe
c:\windows\system32\bin\ktab.exe
c:\windows\system32\bin\msvcr71.dll
c:\windows\system32\bin\native2ascii.exe
c:\windows\system32\bin\orbd.exe
c:\windows\system32\bin\pack200.exe
c:\windows\system32\bin\packager.exe
c:\windows\system32\bin\policytool.exe
c:\windows\system32\bin\rmic.exe
c:\windows\system32\bin\rmid.exe
c:\windows\system32\bin\rmiregistry.exe
c:\windows\system32\bin\schemagen.exe
c:\windows\system32\bin\serialver.exe
c:\windows\system32\bin\servertool.exe
c:\windows\system32\bin\tnameserv.exe
c:\windows\system32\bin\unpack200.exe
c:\windows\system32\bin\wsgen.exe
c:\windows\system32\bin\wsimport.exe
c:\windows\system32\bin\xjc.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\system
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
.
.
(((((((((((((((((((((((  Files Created from 2011-02-28 to 2011-03-30  ))))))))))))))))))))))))))))))
.
.
2016-10-01 20:59 . 2016-10-01 20:59        --------        d-----w-        c:\programdata\SlySoft
2016-10-01 20:55 . 2010-06-04 21:09        --------        d-----w-        c:\program files\SlySoft
2011-03-30 20:05 . 2011-03-30 20:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-03-29 21:22 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{52AB7D94-A659-4C2B-9B56-71CA97D7A4F3}\mpengine.dll
2011-03-27 18:46 . 2011-03-18 17:56        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-27 18:46 . 2011-03-18 17:56        728024        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-27 18:46 . 2011-03-18 17:56        719832        ----a-w-        c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-27 18:46 . 2011-03-18 17:56        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-03-27 18:46 . 2011-03-18 17:56        16856        ----a-w-        c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-27 18:46 . 2011-03-18 17:56        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-27 18:46 . 2011-03-18 17:56        142296        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
2011-03-27 18:46 . 2011-03-18 17:56        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-27 18:46 . 2011-03-18 17:56        1975768        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-27 18:46 . 2011-03-18 17:56        1893336        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-26 17:15 . 2011-03-26 17:15        --------        d-----w-        c:\users\cm\frc
2011-03-26 14:15 . 2002-02-18 17:40        6200        ----a-w-        c:\windows\system32\INT13EXT.VXD
2011-03-26 13:17 . 2011-03-29 20:09        --------        d-----w-        c:\users\cm\AppData\Roaming\GHISLER
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\UC.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\RAR.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\PKZIP.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\PKUNZIP.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\NOCLOSE.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\LHA.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\ARJ.PIF
2011-03-25 18:59 . 2011-03-25 18:59        --------        d-----w-        c:\users\cm\AppData\Roaming\Malwarebytes
2011-03-25 18:59 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 18:59 . 2011-03-25 18:59        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-25 18:59 . 2011-03-25 18:59        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-25 18:59 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-23 20:06 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-23 20:06 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-03-23 20:06 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-16 20:16 . 2011-01-29 16:00        821824        ----a-w-        c:\windows\system32\dgderapi.dll
2011-03-16 20:16 . 2011-01-29 16:00        319456        ----a-w-        c:\windows\system32\DIFxAPI.dll
2011-03-16 20:16 . 2011-01-29 16:00        20032        ----a-w-        c:\windows\system32\drivers\dgderdrv.sys
2011-03-09 17:45 . 2010-12-29 18:28        322560        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 17:45 . 2010-12-29 18:28        153088        ----a-w-        c:\windows\system32\sbeio.dll
2011-03-09 17:45 . 2010-12-29 18:28        429056        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 17:45 . 2010-12-29 18:26        177664        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 17:45 . 2010-12-17 15:45        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-09 17:45 . 2010-12-17 13:54        677888        ----a-w-        c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 19:56 . 2010-10-10 13:15        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-02 17:11 . 2009-10-03 13:40        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-31 01:01 . 2011-02-20 18:46        87340080        ----a-w-        c:\users\cm\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-01-29 22:16 . 2011-01-29 22:16        30056        ----a-w-        c:\windows\system32\MASetupCleaner.exe
2011-01-29 16:00 . 2011-02-20 18:54        4659712        ----a-w-        c:\windows\system32\Redemption.dll
2011-01-29 16:00 . 2011-01-29 16:00        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2011-01-29 16:00 . 2011-01-29 16:00        325552        ----a-w-        c:\windows\MASetupCaller.dll
2011-01-29 16:00 . 2011-01-29 16:00        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2011-01-29 16:00 . 2011-01-29 16:00        974848        ----a-w-        c:\windows\system32\cis-2.4.dll
2011-01-29 16:00 . 2011-01-29 16:00        81920        ----a-w-        c:\windows\system32\issacapi_bs-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00        65536        ----a-w-        c:\windows\system32\issacapi_pe-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\system32\MTXSYNCICON.dll
2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\system32\MK_Lyric.dll
2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\system32\issacapi_se-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00        569344        ----a-w-        c:\windows\system32\muzdecode.ax
2011-01-29 16:00 . 2011-01-29 16:00        491520        ----a-w-        c:\windows\system32\muzapp.dll
2011-01-29 16:00 . 2011-01-29 16:00        49152        ----a-w-        c:\windows\system32\MaJGUILib.dll
2011-01-29 16:00 . 2011-01-29 16:00        45056        ----a-w-        c:\windows\system32\MaXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00        45056        ----a-w-        c:\windows\system32\MACXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00        40960        ----a-w-        c:\windows\system32\MTTELECHIP.dll
2011-01-29 16:00 . 2011-01-29 16:00        40960        ----a-w-        c:\windows\system32\MAMACExtract.dll
2011-01-29 16:00 . 2011-01-29 16:00        352256        ----a-w-        c:\windows\system32\MSLUR71.dll
2011-01-29 16:00 . 2011-01-29 16:00        258048        ----a-w-        c:\windows\system32\muzoggsp.ax
2011-01-29 16:00 . 2011-01-29 16:00        245760        ----a-w-        c:\windows\system32\MSCLib.dll
2011-01-29 16:00 . 2011-01-29 16:00        200704        ----a-w-        c:\windows\system32\muzwmts.dll
2011-01-29 16:00 . 2011-01-29 16:00        155648        ----a-w-        c:\windows\system32\MSFLib.dll
2011-01-29 16:00 . 2011-01-29 16:00        143360        ----a-w-        c:\windows\system32\3DAudio.ax
2011-01-29 16:00 . 2011-01-29 16:00        135168        ----a-w-        c:\windows\system32\muzaf1.dll
2011-01-29 16:00 . 2011-01-29 16:00        131072        ----a-w-        c:\windows\system32\muzmpgsp.ax
2011-01-29 16:00 . 2011-01-29 16:00        122880        ----a-w-        c:\windows\system32\muzeffect.ax
2011-01-29 16:00 . 2011-01-29 16:00        118784        ----a-w-        c:\windows\system32\MaDRM.dll
2011-01-29 16:00 . 2011-01-29 16:00        110592        ----a-w-        c:\windows\system32\muzmp4sp.ax
2011-01-25 20:15 . 2008-12-21 10:16        3063561        ----a-w-        c:\programdata\MobileTV.exe
2011-01-20 16:37 . 2011-02-10 08:14        638336        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 08:14        478720        ----a-w-        c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 08:14        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 08:14        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-10 08:14        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 08:14        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-10 08:14        37376        ----a-w-        c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 08:14        258048        ----a-w-        c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 08:14        586240        ----a-w-        c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 08:14        2873344        ----a-w-        c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 08:14        26112        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 08:14        98816        ----a-w-        c:\windows\system32\mfps.dll
2011-01-20 16:04 . 2011-02-10 08:14        209920        ----a-w-        c:\windows\system32\mfplat.dll
2011-01-20 14:28 . 2011-02-10 08:14        1554432        ----a-w-        c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 08:14        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 08:14        667648        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 08:14        847360        ----a-w-        c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 08:14        135680        ----a-w-        c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 08:14        979456        ----a-w-        c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 08:14        357376        ----a-w-        c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 08:14        302592        ----a-w-        c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 08:14        261632        ----a-w-        c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 08:14        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 08:14        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 08:14        683008        ----a-w-        c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-10 08:12        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 08:12        292352        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-03 08:38 . 2011-02-20 18:55        136680        ----a-w-        c:\windows\system32\drivers\ssadmdm.sys
2011-01-03 08:38 . 2011-02-20 18:55        10344        ----a-w-        c:\windows\system32\drivers\ssadwhnt.sys
2011-01-03 08:38 . 2011-02-20 18:55        10344        ----a-w-        c:\windows\system32\drivers\ssadwh.sys
2011-01-03 08:38 . 2011-02-20 18:55        12776        ----a-w-        c:\windows\system32\drivers\ssadmdfl.sys
2011-01-03 08:38 . 2011-02-20 18:55        121192        ----a-w-        c:\windows\system32\drivers\ssadbus.sys
2011-01-03 08:38 . 2011-02-20 18:55        10472        ----a-w-        c:\windows\system32\drivers\ssadcmnt.sys
2011-01-03 08:38 . 2011-02-20 18:55        10472        ----a-w-        c:\windows\system32\drivers\ssadcm.sys
2010-12-31 13:57 . 2011-02-10 08:15        2039808        ----a-w-        c:\windows\system32\win32k.sys
2011-03-18 17:56 . 2011-03-27 18:46        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2008-06-30 11:44 . 2008-08-07 19:02        324976        ----a-w-        c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08        2393184        ----a-w-        c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-02-01 4828792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"avira update"="c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe" [2010-11-04 516353]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-02-01 15:12        4828792        ----a-w-        c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-03-12 13:51        663552        ------w-        c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10        46632        ----a-w-        c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12        30248        ----a-w-        c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46        255528        ----a-w-        c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03        210472        ----a-w-        c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2010-07-28 242176]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688]
R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [2009-04-21 12800]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2010/06/05 22:44];c:\program files\HP\QuickPlay\000.fcl [2009-01-12 14:50 87536]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 Apache2.2;Apache2.2;d:\work\xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-09-06 217088]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-06-09 2368]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-09-06 36640]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02        114688        ----a-w-        c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\cm\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\cm\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\cm\AppData\Roaming\Mozilla\Firefox\Profiles\m6j957hu.default\
FF - prefs.js: browser.startup.homepage - freenet.de - E-Mail, Singles, Nachrichten & Services
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-30 22:05
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.0.6002 Disk: TOSHIBA_MK3252GSX rev.LV011C -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 625142446 (+0): user != kernel
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-03-30  22:10:20
ComboFix-quarantined-files.txt  2011-03-30 20:10
.
Vor Suchlauf: 18 Verzeichnis(se), 49.438.863.360 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 49.350.377.472 Bytes frei
.
- - End Of File - - 590DD44DEC81574CF6CB443C505FD1D0

--- --- ---

Best regards

cosinus 31.03.2011 12:36

Quote:

ausgeführt von:: c:\cofi\ComboFix.exe
Shouldn't you read the instructions carefully and follow them?

chris7000 01.04.2011 23:06

I hope this is better:

ComboFix logfile:
Code:

ComboFix 11-04-01.01 - cm 01.04.2011  23:41:44.4.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3038.1813 [GMT 2:00]
ausgeführt von:: c:\users\cm\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-01 bis 2011-04-01  ))))))))))))))))))))))))))))))
.
.
2016-10-01 20:59 . 2016-10-01 20:59        --------        d-----w-        c:\programdata\SlySoft
2016-10-01 20:55 . 2010-06-04 21:09        --------        d-----w-        c:\program files\SlySoft
2011-04-01 21:56 . 2011-04-01 21:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-01 20:56 . 2011-04-01 21:15        --------        d-----w-        C:\cofi
2011-04-01 17:46 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C19BC1D-EF03-44D8-AC60-0E2B1691AB71}\mpengine.dll
2011-03-31 19:55 . 2011-03-31 19:55        --------        d-----w-        c:\users\Superhelden
2011-03-30 19:52 . 2011-03-30 20:10        --------        d-----w-        C:\ComboFix
2011-03-27 18:46 . 2011-03-18 17:56        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-27 18:46 . 2011-03-18 17:56        728024        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-27 18:46 . 2011-03-18 17:56        719832        ----a-w-        c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-27 18:46 . 2011-03-18 17:56        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-03-27 18:46 . 2011-03-18 17:56        16856        ----a-w-        c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-27 18:46 . 2011-03-18 17:56        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-27 18:46 . 2011-03-18 17:56        142296        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
2011-03-27 18:46 . 2011-03-18 17:56        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-27 18:46 . 2011-03-18 17:56        1975768        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-27 18:46 . 2011-03-18 17:56        1893336        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-26 17:15 . 2011-03-26 17:15        --------        d-----w-        c:\users\cm\frc
2011-03-26 14:15 . 2002-02-18 17:40        6200        ----a-w-        c:\windows\system32\INT13EXT.VXD
2011-03-26 13:17 . 2011-03-29 20:09        --------        d-----w-        c:\users\cm\AppData\Roaming\GHISLER
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\UC.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\RAR.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\PKZIP.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\PKUNZIP.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\NOCLOSE.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\LHA.PIF
2011-03-26 13:17 . 2010-12-17 06:56        545        ----a-w-        c:\windows\ARJ.PIF
2011-03-25 18:59 . 2011-03-25 18:59        --------        d-----w-        c:\users\cm\AppData\Roaming\Malwarebytes
2011-03-25 18:59 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 18:59 . 2011-03-25 18:59        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-25 18:59 . 2011-03-25 18:59        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-25 18:59 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-23 20:06 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-23 20:06 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-03-23 20:06 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-16 20:16 . 2011-01-29 16:00        821824        ----a-w-        c:\windows\system32\dgderapi.dll
2011-03-16 20:16 . 2011-01-29 16:00        319456        ----a-w-        c:\windows\system32\DIFxAPI.dll
2011-03-16 20:16 . 2011-01-29 16:00        20032        ----a-w-        c:\windows\system32\drivers\dgderdrv.sys
2011-03-09 17:45 . 2010-12-29 18:28        322560        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 17:45 . 2010-12-29 18:28        153088        ----a-w-        c:\windows\system32\sbeio.dll
2011-03-09 17:45 . 2010-12-29 18:28        429056        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 17:45 . 2010-12-29 18:26        177664        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 17:45 . 2010-12-17 15:45        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-09 17:45 . 2010-12-17 13:54        677888        ----a-w-        c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 19:56 . 2010-10-10 13:15        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-02 17:11 . 2009-10-03 13:40        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-31 01:01 . 2011-02-20 18:46        87340080        ----a-w-        c:\users\cm\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-01-29 22:16 . 2011-01-29 22:16        30056        ----a-w-        c:\windows\system32\MASetupCleaner.exe
2011-01-29 16:00 . 2011-02-20 18:54        4659712        ----a-w-        c:\windows\system32\Redemption.dll
2011-01-29 16:00 . 2011-01-29 16:00        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2011-01-29 16:00 . 2011-01-29 16:00        325552        ----a-w-        c:\windows\MASetupCaller.dll
2011-01-29 16:00 . 2011-01-29 16:00        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2011-01-29 16:00 . 2011-01-29 16:00        974848        ----a-w-        c:\windows\system32\cis-2.4.dll
2011-01-29 16:00 . 2011-01-29 16:00        81920        ----a-w-        c:\windows\system32\issacapi_bs-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00        65536        ----a-w-        c:\windows\system32\issacapi_pe-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\system32\MTXSYNCICON.dll
2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\system32\MK_Lyric.dll
2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\system32\issacapi_se-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00        569344        ----a-w-        c:\windows\system32\muzdecode.ax
2011-01-29 16:00 . 2011-01-29 16:00        491520        ----a-w-        c:\windows\system32\muzapp.dll
2011-01-29 16:00 . 2011-01-29 16:00        49152        ----a-w-        c:\windows\system32\MaJGUILib.dll
2011-01-29 16:00 . 2011-01-29 16:00        45056        ----a-w-        c:\windows\system32\MaXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00        45056        ----a-w-        c:\windows\system32\MACXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00        40960        ----a-w-        c:\windows\system32\MTTELECHIP.dll
2011-01-29 16:00 . 2011-01-29 16:00        40960        ----a-w-        c:\windows\system32\MAMACExtract.dll
2011-01-29 16:00 . 2011-01-29 16:00        352256        ----a-w-        c:\windows\system32\MSLUR71.dll
2011-01-29 16:00 . 2011-01-29 16:00        258048        ----a-w-        c:\windows\system32\muzoggsp.ax
2011-01-29 16:00 . 2011-01-29 16:00        245760        ----a-w-        c:\windows\system32\MSCLib.dll
2011-01-29 16:00 . 2011-01-29 16:00        200704        ----a-w-        c:\windows\system32\muzwmts.dll
2011-01-29 16:00 . 2011-01-29 16:00        155648        ----a-w-        c:\windows\system32\MSFLib.dll
2011-01-29 16:00 . 2011-01-29 16:00        143360        ----a-w-        c:\windows\system32\3DAudio.ax
2011-01-29 16:00 . 2011-01-29 16:00        135168        ----a-w-        c:\windows\system32\muzaf1.dll
2011-01-29 16:00 . 2011-01-29 16:00        131072        ----a-w-        c:\windows\system32\muzmpgsp.ax
2011-01-29 16:00 . 2011-01-29 16:00        122880        ----a-w-        c:\windows\system32\muzeffect.ax
2011-01-29 16:00 . 2011-01-29 16:00        118784        ----a-w-        c:\windows\system32\MaDRM.dll
2011-01-29 16:00 . 2011-01-29 16:00        110592        ----a-w-        c:\windows\system32\muzmp4sp.ax
2011-01-25 20:15 . 2008-12-21 10:16        3063561        ----a-w-        c:\programdata\MobileTV.exe
2011-01-20 16:37 . 2011-02-10 08:14        638336        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 08:14        478720        ----a-w-        c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 08:14        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 08:14        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-10 08:14        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 08:14        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-10 08:14        37376        ----a-w-        c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 08:14        258048        ----a-w-        c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 08:14        586240        ----a-w-        c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 08:14        2873344        ----a-w-        c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 08:14        26112        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 08:14        98816        ----a-w-        c:\windows\system32\mfps.dll
2011-01-20 16:04 . 2011-02-10 08:14        209920        ----a-w-        c:\windows\system32\mfplat.dll
2011-01-20 14:28 . 2011-02-10 08:14        1554432        ----a-w-        c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 08:14        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 08:14        667648        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 08:14        847360        ----a-w-        c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 08:14        135680        ----a-w-        c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 08:14        979456        ----a-w-        c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 08:14        357376        ----a-w-        c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 08:14        302592        ----a-w-        c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 08:14        261632        ----a-w-        c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 08:14        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 08:14        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 08:14        683008        ----a-w-        c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-10 08:12        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 08:12        292352        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-03 08:38 . 2011-02-20 18:55        136680        ----a-w-        c:\windows\system32\drivers\ssadmdm.sys
2011-01-03 08:38 . 2011-02-20 18:55        10344        ----a-w-        c:\windows\system32\drivers\ssadwhnt.sys
2011-01-03 08:38 . 2011-02-20 18:55        10344        ----a-w-        c:\windows\system32\drivers\ssadwh.sys
2011-01-03 08:38 . 2011-02-20 18:55        12776        ----a-w-        c:\windows\system32\drivers\ssadmdfl.sys
2011-01-03 08:38 . 2011-02-20 18:55        121192        ----a-w-        c:\windows\system32\drivers\ssadbus.sys
2011-01-03 08:38 . 2011-02-20 18:55        10472        ----a-w-        c:\windows\system32\drivers\ssadcmnt.sys
2011-01-03 08:38 . 2011-02-20 18:55        10472        ----a-w-        c:\windows\system32\drivers\ssadcm.sys
2011-03-18 17:56 . 2011-03-27 18:46        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2008-06-30 11:44 . 2008-08-07 19:02        324976        ----a-w-        c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08        2393184        ----a-w-        c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-02-01 4828792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"avira update"="c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe" [2010-11-04 516353]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-02-01 15:12        4828792        ----a-w-        c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-03-12 13:51        663552        ------w-        c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10        46632        ----a-w-        c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12        30248        ----a-w-        c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46        255528        ----a-w-        c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03        210472        ----a-w-        c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2010-07-28 242176]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688]
R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [2009-04-21 12800]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2010/06/05 22:44];c:\program files\HP\QuickPlay\000.fcl [2009-01-12 14:50 87536]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 Apache2.2;Apache2.2;d:\work\xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-09-06 217088]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-06-09 2368]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02        114688        ----a-w-        c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\cm\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\cm\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\cm\AppData\Roaming\Mozilla\Firefox\Profiles\m6j957hu.default\
FF - prefs.js: browser.startup.homepage - freenet.de - E-Mail, Singles, Nachrichten & Services
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-01 23:56
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.0.6002 Disk: TOSHIBA_MK3252GSX rev.LV011C -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 625142446 (+0): user != kernel
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-02  00:01:07
ComboFix-quarantined-files.txt  2011-04-01 22:01
ComboFix2.txt  2011-04-01 21:15
ComboFix3.txt  2011-03-30 20:10
.
Vor Suchlauf: 21 Verzeichnis(se), 48.513.511.424 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 48.393.584.640 Bytes frei
.
- - End Of File - - 083D280A4FFCE196A5E4DE6BD94111D7

--- --- ---
Best regards

cosinus 02.04.2011 13:48

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

chris7000 04.04.2011 20:29

Here are the logs:

2011/04/04 21:19:42.0950 2896 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/04 21:19:43.0274 2896 ================================================================================
2011/04/04 21:19:43.0274 2896 SystemInfo:
2011/04/04 21:19:43.0274 2896
2011/04/04 21:19:43.0274 2896 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/04 21:19:43.0274 2896 Product type: Workstation
2011/04/04 21:19:43.0275 2896 ComputerName: HP-MACHINE
2011/04/04 21:19:43.0275 2896 UserName: cm
2011/04/04 21:19:43.0275 2896 Windows directory: C:\Windows
2011/04/04 21:19:43.0275 2896 System windows directory: C:\Windows
2011/04/04 21:19:43.0275 2896 Processor architecture: Intel x86
2011/04/04 21:19:43.0275 2896 Number of processors: 2
2011/04/04 21:19:43.0275 2896 Page size: 0x1000
2011/04/04 21:19:43.0275 2896 Boot type: Normal boot
2011/04/04 21:19:43.0275 2896 ================================================================================
2011/04/04 21:19:44.0456 2896 Initialize success
2011/04/04 21:19:52.0368 1452 ================================================================================
2011/04/04 21:19:52.0368 1452 Scan started
2011/04/04 21:19:52.0368 1452 Mode: Manual;
2011/04/04 21:19:52.0368 1452 ================================================================================
2011/04/04 21:20:19.0147 1452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/04 21:20:19.0386 1452 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\HP\QuickPlay\000.fcl
2011/04/04 21:20:19.0919 1452 ================================================================================
2011/04/04 21:20:19.0919 1452 Scan finished
2011/04/04 21:20:19.0919 1452 ================================================================================


Norman TDSS Cleaner
Version 2.0.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/11/12 12:32:24

Scan started: 2011/04/04 21:22:30

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6002 Service Pack 2
Logged on user: hp-machine\cm


Scanning kernel...

Scan complete


Best regards

chris7000 04.04.2011 20:30

There were no hits after the scans.

chris7000 04.04.2011 20:30

Am I done now?

cosinus 04.04.2011 20:34

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second try, just skip it and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt file here.

chris7000 06.04.2011 19:59

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-06 07:16:00
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C
Running: 06jw2e2o.exe; Driver: C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Program Files\HP\QuickPlay\000.fcl section is writeable [0xA460F000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\HP\QuickPlay\000.fcl entry point in ".vmp2" section [0xA4632050]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4964] ntdll.dll!DbgUiRemoteBreakin 779DCD84 1 Byte [C3]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74797817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7479BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7478F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7478E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7479DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7478FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7478FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7481CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7478D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74786853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7478687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74792AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread SYSTEM [4:2724] 90C034C6

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021862efcad
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713@00180fa86f7b 0xF7 0x15 0xDB 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713@0011b107a20c 0x22 0xC3 0x67 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713@00229846dd3a 0x0B 0x16 0x53 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713@3c5a37b039f3 0x23 0x9D 0x23 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e9feff4
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021862efcad (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713@00180fa86f7b 0xF7 0x15 0xDB 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713@0011b107a20c 0x22 0xC3 0x67 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713@00229846dd3a 0x0B 0x16 0x53 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713@3c5a37b039f3 0x23 0x9D 0x23 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e9feff4 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x11 0x9D 0x2F 0xA0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xA8 0x93 0x04 0x3B ...

chris7000 06.04.2011 20:00

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:56:22 on 06.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\cm\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\Windows\System32\drivers\dgderdrv.sys
"Driver for MagicISO SCSI Host Controller" (mcdbus) - "MagicISO, Inc." - C:\Windows\System32\DRIVERS\mcdbus.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"EraserUtilDrvI7" (EraserUtilDrvI7) - ? - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"mdf15" (mdf15) - ? - C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\Windows\System32\drivers\pfc.sys
"Power Control [2010/06/05 22:44:42]" ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) - ? - C:\Program Files\HP\QuickPlay\000.fcl
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File not found)
"SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys
"uwtiyaoc" (uwtiyaoc) - ? - C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{3D874BD4-F636-46b0-B6B9-4D1946D72BEC} "freenet.de Dateimanager" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{A40526DD-F152-4C1D-844C-CE668D29B77E} "Shell extension for NTP" - ? -  (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{2F25CF20-C569-11D1-B94C-00608CB45480} "TextPad" - "Helios Software Solutions" - C:\ProgramFiles\TextPad 4\System\shellext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\cm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AnyDVD" - "SlySoft, Inc." - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"avira update" - "Avira GmbH" - C:\\Program Files\\Avira\\AntiVir Desktop\\update.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Win2PDF Port" - ? - C:\Windows\system32\win2pdfm.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - D:\work\xampp\apache\bin\apache.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"  (File not found)
"DirMngr" (DirMngr) - ? - C:\Program Files\GNU\GnuPG\dirmngr.exe  (File found, but it contains no detailed information)
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"FileZilla Server FTP server" (FileZilla Server) - "FileZilla Project" - D:\work\xampp\FileZillaFTP\FileZillaServer.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"mysql" (mysql) - ? - D:\work\xampp\mysql\bin\mysqld-nt.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe
"SAMSUNG AllShare Service" (AllShare) - ? - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe  (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Virtual Disk Service Manager" (MSR Service) - ? - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File not found)
"SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys
"uwtiyaoc" (uwtiyaoc) - ? - C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{3D874BD4-F636-46b0-B6B9-4D1946D72BEC} "freenet.de Dateimanager" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{A40526DD-F152-4C1D-844C-CE668D29B77E} "Shell extension for NTP" - ? -  (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{2F25CF20-C569-11D1-B94C-00608CB45480} "TextPad" - "Helios Software Solutions" - C:\ProgramFiles\TextPad 4\System\shellext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\cm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AnyDVD" - "SlySoft, Inc." - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"avira update" - "Avira GmbH" - C:\\Program Files\\Avira\\AntiVir Desktop\\update.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Win2PDF Port" - ? - C:\Windows\system32\win2pdfm.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - D:\work\xampp\apache\bin\apache.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"  (File not found)
"DirMngr" (DirMngr) - ? - C:\Program Files\GNU\GnuPG\dirmngr.exe  (File found, but it contains no detailed information)
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"FileZilla Server FTP server" (FileZilla Server) - "FileZilla Project" - D:\work\xampp\FileZillaFTP\FileZillaServer.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"mysql" (mysql) - ? - D:\work\xampp\mysql\bin\mysqld-nt.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe
"SAMSUNG AllShare Service" (AllShare) - ? - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe  (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Virtual Disk Service Manager" (MSR Service) - ? - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index
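
A triage pass over the two logs in this thread, as an added example that is not part of the original post or of either tool's output: it parses OSAM entry lines of the form shown above, flags images that live in a temp directory or that OSAM annotated as hidden registry / rootkit activity, and cross-checks each flagged path against the MBRCheck kernel-driver list posted next. The sample lines are copied from the logs; the `C:\Windows` system root, the scoring weights and the report threshold are assumptions. The check a practitioner wants here is the contradiction between the two tools: an entry OSAM reports as "Hidden registry entry ... File not found" that MBRCheck still lists as a resident driver means the code is loaded in the kernel although its on-disk file is gone or hidden, which is the priority item. A lone `catchme.sys` reference in Temp is typically a leftover of the GMER/ComboFix rootkit scanner (an inference from the name, not something the log states), so it scores lower.

```python
"""Cross-check OSAM autorun entries against MBRCheck's loaded-driver list (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: five lines copied from the OSAM [Drivers] section above.
OSAM_SAMPLE = r'''
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\Users\cm\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys
"uwtiyaoc" (uwtiyaoc) - ? - C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys  (Hidden registry entry, rootkit activity | File not found)
'''

# Constructed sample input: three lines copied from the MBRCheck "Kernel Drivers" list in the next post.
MBRCHECK_SAMPLE = r'''
0x90DBF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA21E1000 \??\C:\Windows\system32\SVKP.sys
0xA4675000 \??\C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys
'''

SYSTEM_ROOT = r"C:\Windows"  # assumption: MBRCheck's \SystemRoot\ is C:\Windows on this machine

OSAM_LINE = re.compile(
    r'^"(?P<name>[^"]*)"'                 # display name
    r'(?: \((?P<key>[^)]*)\))?'           # registry value/key name; absent on Run entries
    r' - (?:"(?P<vendor>[^"]*)"|\?)'      # vendor string, or "?" when OSAM found none
    r' - (?P<path>.*?)'                   # image path (plus arguments on Run entries)
    r'(?:\s{2,}\((?P<note>[^)]*)\))?\s*$' # OSAM's trailing annotation, if any
)
MBR_LINE = re.compile(r'^0x[0-9A-Fa-f]+\s+(?P<path>\S.*?)\s*$')
TEMP_DIR = re.compile(r'\\temp\\')       # applied to an already lower-cased path


@dataclass
class Finding:
    key: str
    path: str
    score: int = 0
    loaded: bool = False
    reasons: List[str] = field(default_factory=list)


def normalize_path(p: str) -> str:
    """Reduce the NT (\\??\\, \\SystemRoot\\) and Win32 spellings of a path to one comparable form."""
    p = p.strip()
    if p.startswith('"'):                 # quoted image path followed by arguments
        p = p[1:p.find('"', 1)]
    if p.startswith("\\??\\"):
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    return p.lower()


def parse_osam_line(line: str) -> Optional[dict]:
    """Split one OSAM entry line into name/key/vendor/path/note; None for non-entry lines."""
    m = OSAM_LINE.match(line.strip())
    return m.groupdict() if m else None


def loaded_drivers(mbrcheck_text: str) -> set:
    """Set of normalized image paths MBRCheck saw resident in the kernel."""
    return {normalize_path(m.group("path"))
            for m in map(MBR_LINE.match, mbrcheck_text.splitlines()) if m}


def triage(osam_text: str, mbrcheck_text: str, threshold: int = 2) -> List[Finding]:
    """Score each OSAM entry; weights and threshold are assumptions, tune for the case."""
    kernel = loaded_drivers(mbrcheck_text)
    findings = []
    for line in osam_text.splitlines():
        e = parse_osam_line(line)
        if e is None:
            continue
        path = normalize_path(e["path"])
        note = (e["note"] or "").lower()
        f = Finding(key=e["key"] or e["name"], path=path)
        if "hidden registry" in note or "rootkit" in note:
            f.score += 3
            f.reasons.append("OSAM: hidden registry entry / rootkit activity")
        if TEMP_DIR.search(path):
            f.score += 2
            f.reasons.append("image lives in a temp directory")
        if e["vendor"] is None:
            f.score += 1
            f.reasons.append("no vendor information")
        f.loaded = path in kernel
        if f.loaded and f.score:       # residency only amplifies an already suspicious entry
            f.score += 2
            why = "driver resident in the kernel (MBRCheck)"
            if "file not found" in note:
                why += " although OSAM reports the file as not found"
            f.reasons.append(why)
        if f.score >= threshold:
            findings.append(f)
    return sorted(findings, key=lambda x: x.score, reverse=True)


if __name__ == "__main__":
    for f in triage(OSAM_SAMPLE, MBRCHECK_SAMPLE):
        print(f"{f.score:2d}  {f.key:<10} {f.path}  [{'; '.join(f.reasons)}]")
```

Run against the two full logs the script ranks `uwtiyaoc` first (hidden entry, temp path, no vendor, still loaded), `catchme` second, and drops the orphaned `IpInIp`/`NwlnkFlt`-style Windows leftovers below the threshold; the weights are only a starting point and the parser deliberately ignores the `{GUID}`-prefixed Explorer lines.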

chris7000 06.04.2011 20:09

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 219):
0x8264D000 \SystemRoot\system32\ntkrnlpa.exe
0x8261A000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047F000 \SystemRoot\system32\PSHED.dll
0x80490000 \SystemRoot\system32\BOOTVID.dll
0x80498000 \SystemRoot\system32\CLFS.SYS
0x804D9000 \SystemRoot\system32\CI.dll
0x80607000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80683000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80690000 \SystemRoot\system32\drivers\acpi.sys
0x806D6000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DF000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E7000 \SystemRoot\system32\drivers\pci.sys
0x8070E000 \SystemRoot\system32\drivers\isapnp.sys
0x8071D000 \SystemRoot\system32\drivers\mpio.sys
0x80739000 \SystemRoot\System32\drivers\partmgr.sys
0x80748000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8074B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80755000 \SystemRoot\system32\drivers\volmgr.sys
0x80764000 \SystemRoot\System32\drivers\volmgrx.sys
0x807AE000 \SystemRoot\system32\drivers\intelide.sys
0x807B5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807C3000 \SystemRoot\system32\drivers\pciide.sys
0x807CA000 \SystemRoot\system32\drivers\aliide.sys
0x807D1000 \SystemRoot\system32\drivers\amdide.sys
0x807D8000 \SystemRoot\system32\drivers\cmdide.sys
0x807E0000 \SystemRoot\System32\drivers\mountmgr.sys
0x805B9000 \SystemRoot\system32\drivers\msdsm.sys
0x805D3000 \SystemRoot\system32\drivers\nvraid.sys
0x8AC0F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AC30000 \SystemRoot\system32\drivers\viaide.sys
0x8AC38000 \SystemRoot\system32\drivers\iastorv.sys
0x8ACD9000 \SystemRoot\system32\drivers\atapi.sys
0x8ACE1000 \SystemRoot\system32\drivers\ataport.SYS
0x8ACFF000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x8AD19000 \SystemRoot\system32\drivers\storport.sys
0x8AD5A000 \SystemRoot\system32\drivers\nvstor.sys
0x8AD67000 \SystemRoot\system32\drivers\msahci.sys
0x8AD71000 \SystemRoot\system32\drivers\hpcisss.sys
0x8AD7C000 \SystemRoot\system32\drivers\adp94xx.sys
0x8AE08000 \SystemRoot\system32\drivers\adpahci.sys
0x8AE54000 \SystemRoot\system32\drivers\adpu160m.sys
0x8AE6F000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8AE95000 \SystemRoot\system32\drivers\adpu320.sys
0x8AEBB000 \SystemRoot\system32\drivers\djsvs.sys
0x8AECF000 \SystemRoot\system32\drivers\arc.sys
0x8AEE5000 \SystemRoot\system32\drivers\arcsas.sys
0x8AEFB000 \SystemRoot\system32\drivers\elxstor.sys
0x8AF8F000 \SystemRoot\system32\drivers\i2omp.sys
0x8AF99000 \SystemRoot\system32\drivers\iirsp.sys
0x8AFA9000 \SystemRoot\system32\drivers\iteatapi.sys
0x8AFB5000 \SystemRoot\system32\drivers\iteraid.sys
0x8AFC1000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8AFDB000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8AFF3000 \SystemRoot\system32\drivers\megasas.sys
0x8B00C000 \SystemRoot\system32\drivers\megasr.sys
0x8B0C3000 \SystemRoot\system32\drivers\mraid35x.sys
0x8B0CE000 \SystemRoot\system32\drivers\nfrd960.sys
0x8B200000 \SystemRoot\system32\drivers\ql2300.sys
0x8B338000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B38D000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B39A000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B3AF000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B3BB000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B3C6000 \SystemRoot\system32\drivers\sym_u3.sys
0x8B0DC000 \SystemRoot\system32\drivers\uliahci.sys
0x8B3D1000 \SystemRoot\system32\drivers\ulsata.sys
0x8B118000 \SystemRoot\system32\drivers\ulsata2.sys
0x8B144000 \SystemRoot\system32\drivers\vsmraid.sys
0x8B165000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B197000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B40E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B47F000 \SystemRoot\system32\drivers\ndis.sys
0x8B58A000 \SystemRoot\system32\drivers\msrpc.sys
0x8B5B5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B605000 \SystemRoot\System32\drivers\tcpip.sys
0x8B6EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B806000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B916000 \SystemRoot\system32\drivers\wd.sys
0x8B91E000 \SystemRoot\system32\drivers\volsnap.sys
0x8B957000 \SystemRoot\System32\Drivers\spldr.sys
0x8B95F000 \SystemRoot\system32\drivers\sbp2port.sys
0x8B974000 \SystemRoot\System32\Drivers\mup.sys
0x8B983000 \SystemRoot\System32\drivers\ecache.sys
0x8B9AA000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8B9B3000 \SystemRoot\system32\drivers\disk.sys
0x8B9C4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B9EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B70A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B713000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B9FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F001000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F958000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8F95A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B722000 \SystemRoot\System32\drivers\watchdog.sys
0x8B72E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B739000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B777000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FA0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8FF89000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8FFAA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FFBA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FFC8000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x8FFDD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FFF0000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8FFF5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FA9A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FACA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FACC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FAD7000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x8FAF0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FB08000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x8FB13000 \SystemRoot\system32\DRIVERS\enecir.sys
0x8FB2B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8FB34000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FB63000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FB6E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FB85000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FB90000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FBB3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FBC2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FBD6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FBEB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B786000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x8FBFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B7A3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B7CD000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8FA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B7DB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B1A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B7E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9040E000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x90476000 \SystemRoot\system32\DRIVERS\portcls.sys
0x904A3000 \SystemRoot\system32\DRIVERS\drmk.sys
0x904C8000 \SystemRoot\system32\drivers\nvhda32v.sys
0x904D6000 \SystemRoot\system32\DRIVERS\hidir.sys
0x904E1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x904F1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x904F8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90501000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90509000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90512000 \SystemRoot\System32\Drivers\Null.SYS
0x90519000 \SystemRoot\System32\Drivers\Beep.SYS
0x90520000 \SystemRoot\System32\drivers\vga.sys
0x9052C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x9054D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90555000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9055D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90568000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90576000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9057F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90595000 \SystemRoot\system32\DRIVERS\smb.sys
0x905A9000 \SystemRoot\system32\drivers\afd.sys
0x90600000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90632000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x9063B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90651000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90679000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9068C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90692000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x906CE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x906D8000 \??\C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys
0x906E1000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x906EB000 \SystemRoot\System32\Drivers\dfsc.sys
0x90702000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x907B5000 \SystemRoot\System32\Drivers\AVerAF15.sys
0x907FA000 \SystemRoot\System32\Drivers\BdaSup.SYS
0x90D4C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90D63000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90D84000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90D91000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90D9C000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x9AEC0000 \SystemRoot\System32\win32k.sys
0x90DA6000 \SystemRoot\System32\drivers\Dxapi.sys
0x9B0E0000 \SystemRoot\System32\TSDDD.dll
0x9B100000 \SystemRoot\System32\cdd.dll
0x9B110000 \SystemRoot\System32\ATMFD.DLL
0x90DBF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x90DD4000 \SystemRoot\system32\drivers\luafv.sys
0xA1000000 \SystemRoot\system32\drivers\spsys.sys
0xA10B0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA10C0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA10EA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA10F4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA1107000 \SystemRoot\system32\drivers\HTTP.sys
0xA1174000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA1191000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA11AA000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA11BF000 \SystemRoot\system32\drivers\mrxdav.sys
0xA11E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2009000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2042000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA205A000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2082000 \SystemRoot\System32\DRIVERS\srv.sys
0xA20E8000 \SystemRoot\System32\Drivers\adfs.SYS
0xA20F9000 \SystemRoot\system32\drivers\peauth.sys
0xA21D7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA21E1000 \??\C:\Windows\system32\SVKP.sys
0xA21E2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA460E000 \??\C:\Program Files\HP\QuickPlay\000.fcl
0xA463A000 \??\C:\Program Files\Clarus\Samsung SecretZone\mvd20.sys
0xA4652000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xA465D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4673000 \SystemRoot\system32\drivers\MSPQM.sys
0xA4675000 \??\C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys
0xA47E0000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xA468E000 \SystemRoot\System32\Drivers\bthport.sys
0xA470E000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xA4737000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xA4741000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0xA4750000 \SystemRoot\system32\drivers\modem.sys
0xA475D000 \SystemRoot\system32\drivers\btwavdt.sys
0xA47C4000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x90C80000 \SystemRoot\system32\drivers\btwaudio.sys
0xA47D0000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0xA47ED000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77950000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 SYSTEM
456 C:\Windows\System32\smss.exe
588 csrss.exe
640 C:\Windows\System32\wininit.exe
652 csrss.exe
684 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\winlogon.exe
892 C:\Windows\System32\svchost.exe
932 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
952 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1076 C:\Windows\System32\nvvsvc.exe
1104 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
1468 C:\Windows\System32\audiodg.exe
1544 C:\Windows\System32\SLsvc.exe
1564 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\hpservice.exe
1692 C:\Windows\System32\nvvsvc.exe
1724 C:\Windows\System32\svchost.exe
1948 C:\Windows\System32\spoolsv.exe
1988 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2000 C:\Windows\System32\svchost.exe
1840 D:\work\xampp\apache\bin\apache.exe
196 C:\Windows\System32\svchost.exe
576 C:\Program Files\GNU\GnuPG\dirmngr.exe
2064 C:\Windows\System32\FsUsbExService.Exe
2152 C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
2216 D:\work\xampp\mysql\bin\mysqld-nt.exe
2256 C:\Windows\System32\svchost.exe
2324 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2340 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2364 C:\Windows\SMINST\BLService.exe
2484 C:\Windows\System32\svchost.exe
2516 C:\Windows\System32\svchost.exe
2544 C:\Windows\System32\SearchIndexer.exe
2684 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2868 C:\Windows\System32\taskeng.exe
3108 D:\work\xampp\apache\bin\apache.exe
4164 C:\Windows\System32\dwm.exe
4180 C:\Windows\System32\taskeng.exe
4224 C:\Windows\explorer.exe
4460 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4472 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
4488 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
4496 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
4504 C:\Program Files\IDT\WDM\sttray.exe
4512 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4524 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4532 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4552 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
4632 C:\Windows\ehome\ehtray.exe
4648 WmiPrvSE.exe
4808 C:\Windows\ehome\ehmsas.exe
4836 C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
4964 C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
5032 C:\Windows\ehome\ehsched.exe
5100 C:\Program Files\Windows Media Player\wmpnscfg.exe
5212 C:\Program Files\Windows Media Player\wmpnetwk.exe
5372 C:\Windows\System32\wbem\unsecapp.exe
5380 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
5564 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5608 C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
5880 C:\Windows\ehome\ehrecvr.exe
4424 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
2792 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4312 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4456 C:\Windows\System32\svchost.exe
4432 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2480 C:\Program Files\Mozilla Firefox\firefox.exe
2280 C:\Windows\explorer.exe
5948 C:\Users\cm\Desktop\tdsskiller\osam.exe
532 C:\Windows\System32\notepad.exe
5760 C:\Users\cm\Desktop\MBRCheck.exe
4148 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000048`4e200000 (NTFS)

PhysicalDrive1 Model Number: TOSHIBAMK3252GSX, Rev: LV011C
PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
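
The MBRCheck output above reports each drive's MBR by a SHA1 hash and flags PhysicalDrive1 as "Unknown MBR code" simply because its hash is not in the tool's list of known boot loaders. The following is an added example (not part of this thread and not MBRCheck's own code) that shows the defensive idea behind that check in Python: read a 512-byte MBR, verify the 0x55AA boot signature, walk the four partition entries, and compare a hash of the boot-code region against a baseline of known-good hashes. The sample MBR is constructed in the code, with two partitions laid out like C: and E: on PhysicalDrive1 in the log (first partition at LBA 63, i.e. byte offset 0x7e00); the hashing of the 440-byte boot-code area and the `known_good` baseline are assumptions of this example, not a statement of how MBRCheck computes its hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x82: "Linux swap", 0x83: "Linux"}


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR for this example (not the poster's disk).

    Partition 1 starts at LBA 63 (byte offset 63 * 512 = 0x7e00) and partition 2 at
    LBA 606539776 (byte offset 0x484e200000), mirroring the offsets in the log above.
    """
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"  # typical x86 MBR prologue (constructed)
    boot_code += b"\x00" * (440 - len(boot_code))
    disk_signature = b"\x78\x56\x34\x12"  # constructed NT disk signature 0x12345678 (little-endian)
    reserved = b"\x00\x00"
    p1 = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 606539713)
    p2 = struct.pack(PART_ENTRY_FMT, 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 606539776, 18602672)
    table = p1 + p2 + b"\x00" * 32  # two unused entries
    return boot_code + disk_signature + reserved + table + b"\x55\xaa"


def is_valid_mbr(mbr: bytes) -> bool:
    """True if the sector is 512 bytes long and carries the 0x55AA boot signature."""
    return len(mbr) == SECTOR_SIZE and mbr[510:512] == b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, disk signature and the non-empty partition entries."""
    if not is_valid_mbr(mbr):
        raise ValueError("not a valid MBR sector (wrong size or missing 0x55AA signature)")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(PART_ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0x00:
            continue  # empty entry
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,
            "sectors": count,
        })
    return {
        # Hash covers the 440-byte boot-code area, so partition-table edits do not change it
        # (an assumption of this example, not MBRCheck's documented method).
        "boot_code_sha1": hashlib.sha1(mbr[:440]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": partitions,
    }


def classify_mbr(mbr: bytes, known_good: dict) -> str:
    """Compare the boot-code hash against a baseline collected from clean machines.

    known_good maps an upper-case SHA1 hex digest to a label (e.g. "Windows XP MBR code").
    Anything not in the baseline is reported as unknown and deserves a closer look,
    which is exactly the verdict MBRCheck gives for PhysicalDrive1 above.
    """
    info = parse_mbr(mbr)
    label = known_good.get(info["boot_code_sha1"])
    if label is not None:
        return f"Known MBR code: {label}"
    return "Unknown MBR code"


if __name__ == "__main__":
    sample = build_sample_mbr()
    details = parse_mbr(sample)
    print(f"boot code SHA1: {details['boot_code_sha1']}")
    print(f"disk signature: 0x{details['disk_signature']:08X}")
    for p in details["partitions"]:
        print(f"  #{p['index']} {p['type_name']:<16} LBA {p['lba_start']:>10} "
              f"offset 0x{p['byte_offset']:010x} bootable={p['bootable']}")
    print(classify_mbr(sample, {}))
```

On a live system the 512 bytes would come from a raw read of the physical drive (which needs administrator rights) rather than from `build_sample_mbr()`. The point of the baseline approach is that an "unknown" hash is not proof of infection: as the thread shows, the helper still asked for full scans and treated the hash only as one signal.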

cosinus 06.04.2011 22:34

Looks ok. Please run full scans with Malwarebytes and SASW as a check and post the logs.
Remember to update both tools before scanning!!

chris7000 07.04.2011 20:46

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6304

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

07.04.2011 21:44:51
mbam-log-2011-04-07 (21-44-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175841
Laufzeit: 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 08.04.2011 04:57

Quote:

Art des Suchlaufs: Quick-Scan

Sry, but I wanted to see a full scan... please do that and post the log!
Remember to update the Malwarebytes signatures first, there are new updates very frequently!

chris7000 08.04.2011 06:23

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 04/08/2011 at 03:31 AM

Application Version : 4.50.1002

Core Rules Database Version : 6777
Trace Rules Database Version: 4589

Scan type : Complete Scan
Total Scan Time : 05:29:28

Memory items scanned : 777
Memory threats detected : 0
Registry items scanned : 11170
Registry threats detected : 0
File items scanned : 653301
File threats detected : 4

Adware.Unknown Origin
C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML

Trojan.Agent/Gen-Nullo[Micro]
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SYSTEM.VIR
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\WINDOWS\SYSTEM32\SYSTEM

Adware.Jraun/WinEssential
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\PROGRAM FILES\CYBERLINK\DVD SUITE\CDSVERSION.EXE

cosinus 08.04.2011 06:43

Remnants and false positives.
Please also run the full scan with Malwarebytes.

chris7000 08.04.2011 19:38

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6304

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.04.2011 20:17:47
mbam-log-2011-04-08 (20-17-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 824266
Laufzeit: 12 Stunde(n), 43 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Best regards, I think that's it (hopefully :-)

cosinus 08.04.2011 19:55

No detections. Is the computer ok again? :)

chris7000 11.04.2011 20:16

Hello Arne, the PC is OK again, a donation will follow, thank you very much for your effort ;-)

cosinus 12.04.2011 09:31

Then we're done! :abklatsch:

Finally, please check the updates, my guide on that is below.
For even more security, you should also change all your passwords if possible after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide Windows Update



Update PDF reader
Your Adobe Reader is not up to date, which poses a major security risk. You should therefore uninstall the old version via Control Panel => Add/Remove Programs by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

Please also check at the same time whether the Flash Player is up to date, here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

