Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ich glaub ich hab nen Virus! (https://www.trojaner-board.de/98686-glaub-hab-nen-virus.html)

Kangoo96 04.05.2011 15:30
Ich glaub ich hab nen Virus!
 
Hi Leute,

als ich heute TM Nations Forever starten wollte um zu spielen stürzte es ab, daraufhin ging ich in Firefox um Flashspiele zu spielen, wobei Firefox immer beim Start des Spiels abstürzte.
Dann habe ich Sims 3 und World Racing 2 versucht zu starten -> Absturz der Programme.

Ansonsten funktioniert aber alles einwandfrei (Office, Firefox, ...).

KIS läuft gerade ist 42% (Restdauer 1 Stunde) und hat schon 2 Trojaner gefunden und gelöscht, bis jetzt geht aber noch nichts.

Gruß Alex

cosinus 04.05.2011 15:31
Zitat:
und hat schon 2 Trojaner gefunden und gelöscht, bis jetzt geht aber noch nichts.
Hättest du auch die Gute uns mitzuteilen was genau wo gefunden wurde?
Am besten das Log posten wenn es fertig ist.

Kangoo96 04.05.2011 15:32
Ok!
Bis in einer Stunde dann.

Kangoo96 05.05.2011 17:17
Hat sich erledigt!
Kaspersky hat alles gelöscht und jetzt funktioniert alles wieder einwandfrei!

cosinus 05.05.2011 19:24
Du sollst das Log posten! Wir sind noch nicht fertig, viele Sachen erkennen die Scanner allein nicht!

Kangoo96 08.05.2011 13:45
Woher bekomm ich das Log bei KIS?

Aber ich kann euch sagen, was er gefunden hat:

trojanisches Programm Exploit.Java.CVE-2010-0840.e
trojanisches Programm Trojan-Downloader.Java.Agent.kr
trojanisches Programm Exploit.Java.CVE-2010-0840.e

Edit: Och nee! Jetz fängts schon wieder an.

cosinus 08.05.2011 14:35
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Kangoo96 08.05.2011 15:15
Malware Bytes läft gerade.
Wie lange dauert so ein Scan bei ca. 2,5 TB?

Kangoo96 08.05.2011 18:22
Hier der Log von Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6531

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.05.2011 19:18:34
mbam-log-2011-05-08 (19-18-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|M:\|N:\|)
Durchsuchte Objekte: 672186
Laufzeit: 3 Stunde(n), 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
c:\backup 06.0.311\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
k:\$RECYCLE.BIN\s-1-5-21-3380056649-789860679-3442825123-1000\$RPM6UMS\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
k:\backup 06.03.11\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
k:\sicherung neuinstallation 23.01\desktop ohne downloads\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
m:\alte backups\backup 29.05.2010\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
m:\alte backups\backup 31.10.2010\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
m:\alte backups\sicherung neuinstallation 23.01\desktop ohne downloads\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
n:\$RECYCLE.BIN\s-1-5-21-3380056649-789860679-3442825123-1000\$RH8UKCQ\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
n:\backup 06.03.11\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
n:\sicherung neuinstallation 23.01\desktop ohne downloads\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.

Kangoo96 08.05.2011 18:25
Log Nr. 2:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6531

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.05.2011 19:23:57
mbam-log-2011-05-08 (19-23-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|M:\|N:\|)
Durchsuchte Objekte: 672186
Laufzeit: 3 Stunde(n), 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\backup 06.0.311\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
k:\$RECYCLE.BIN\s-1-5-21-3380056649-789860679-3442825123-1000\$RPM6UMS\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
k:\backup 06.03.11\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
k:\sicherung neuinstallation 23.01\desktop ohne downloads\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
m:\alte backups\backup 29.05.2010\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
m:\alte backups\backup 31.10.2010\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
m:\alte backups\sicherung neuinstallation 23.01\desktop ohne downloads\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
n:\$RECYCLE.BIN\s-1-5-21-3380056649-789860679-3442825123-1000\$RH8UKCQ\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
n:\backup 06.03.11\Alex\Desktop\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
n:\sicherung neuinstallation 23.01\desktop ohne downloads\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.

Kangoo96 08.05.2011 19:03
OTL.txt:

Code:
OTL logfile created on: 08.05.2011 19:32:02 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Alex\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,45 Gb Total Space | 180,63 Gb Free Space | 39,40% Space Free | Partition Type: NTFS
Drive D: | 7,31 Gb Total Space | 0,94 Gb Free Space | 12,82% Space Free | Partition Type: NTFS
Drive K: | 465,76 Gb Total Space | 136,91 Gb Free Space | 29,40% Space Free | Partition Type: NTFS
Drive M: | 1512,36 Gb Total Space | 389,71 Gb Free Space | 25,77% Space Free | Partition Type: NTFS
Drive N: | 350,00 Gb Total Space | 277,78 Gb Free Space | 79,37% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.08 19:29:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.23 14:59:05 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.02 06:34:33 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010.06.29 16:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.03.08 10:38:42 | 000,517,416 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe
PRC - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009.05.11 11:45:18 | 000,024,576 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HP UT\bin\hppusg.exe
PRC - [2007.07.06 13:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.29 17:19:08 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe
PRC - [2007.04.29 23:57:42 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Programme\Lexmark 2300 Series\ezprint.exe
PRC - [2007.04.29 23:54:44 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcgcoms.exe
PRC - [2007.04.18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007.02.15 13:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2003.05.15 02:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.08 19:29:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.04 06:02:55 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.06.07 12:22:00 | 003,549,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.08 10:38:42 | 000,517,416 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007.05.29 17:19:08 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007.04.29 23:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcgcoms.exe -- (lxcg_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.01.23 19:51:00 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.08.12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.09.24 10:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.07.26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 16:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 16:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.07.26 16:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007.10.26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007.06.11 11:49:22 | 000,968,064 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005.12.12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005.08.24 15:55:48 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "iload.to"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 11:48:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 11:48:26 | 000,000,000 | ---D | M]
 
[2011.01.25 20:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2011.05.07 20:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t7fkiur8.default\extensions
[2011.04.18 17:16:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t7fkiur8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.07 06:13:43 | 000,001,968 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t7fkiur8.default\searchplugins\iloadto.xml
[2011.01.27 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.27 22:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.26 06:04:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.01.26 06:04:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.01.27 22:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.26 06:04:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU
[2011.01.26 06:04:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
[2011.01.27 22:24:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.03 16:39:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 16:39:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 16:39:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 16:39:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 16:39:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LXCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
O4 - HKCU..\Run: [RGSC]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (AnyDiscHelp.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bc1b13fa-271e-11e0-977e-001d60b6381c}\Shell - "" = AutoRun
O33 - MountPoints2\{bc1b13fa-271e-11e0-977e-001d60b6381c}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.08 19:29:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.05.08 16:12:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2011.05.08 16:12:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.08 16:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.08 16:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.08 16:12:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.08 16:12:18 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.08 16:11:14 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Alex\Desktop\mbam-setup.exe
[2011.05.08 14:34:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\18 WoS Voll aufs Gas
[2011.05.08 14:34:47 | 000,000,000 | ---D | C] -- C:\Programme\18 WoS Voll aufs Gas
[2011.05.08 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\18 WoS Pedal to the Metal
[2011.05.08 14:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Voll aufs Gas
[2011.05.06 22:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.04 16:07:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Microsoft Games
[2011.05.01 10:00:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Kangoo Platz
[2011.04.30 16:17:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Günter Grünwald - Der Komiker
[2011.04.28 18:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2011.04.28 18:48:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\TrackMania
[2011.04.28 18:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2011.04.28 16:59:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.04.28 16:46:36 | 000,000,000 | RH-D | C] -- C:\Users\Alex\AppData\Roaming\SecuROM
[2011.04.27 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Günter Grünwald - Arschgeigenparade
[2011.04.18 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.18 17:15:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2011.04.18 14:24:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Referat
[2011.04.18 12:41:13 | 000,000,000 | ---D | C] -- C:\Referat
[2011.04.17 11:36:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\dvdcss
[2011.04.15 23:01:23 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\DVDVideoSoft
[2011.04.15 23:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.04.15 23:01:10 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2011.04.15 23:01:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2011.04.15 22:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2011.04.15 22:58:31 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2011.04.15 22:58:31 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2011.04.15 22:58:31 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2011.04.15 22:58:31 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2011.04.15 22:58:31 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2011.04.15 22:58:31 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2011.04.15 22:58:31 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2011.04.15 22:58:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack
[2011.04.15 22:58:30 | 000,000,000 | ---D | C] -- C:\Programme\Free Audio Pack
[2011.04.15 22:51:32 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft
[2011.02.04 22:16:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Alex\AppData\Roaming\pcouffin.sys
[2011.01.23 20:36:57 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcgserv.dll
[2011.01.23 20:36:57 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcgusb1.dll
[2011.01.23 20:36:57 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcghbn3.dll
[2011.01.23 20:36:57 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomc.dll
[2011.01.23 20:36:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcgpmui.dll
[2011.01.23 20:36:57 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcglmpm.dll
[2011.01.23 20:36:57 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcgcoms.exe
[2011.01.23 20:36:57 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomm.dll
[2011.01.23 20:36:57 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcginpa.dll
[2011.01.23 20:36:57 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcgiesc.dll
[2011.01.23 20:36:57 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcgih.exe
[2011.01.23 20:36:57 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcgcfg.exe
[2011.01.23 20:36:57 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcghcp.dll
[2011.01.23 20:36:57 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcgprox.dll
[2011.01.23 20:36:57 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcgpplc.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.08 19:34:49 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.08 19:34:49 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.08 19:34:49 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.08 19:34:49 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.08 19:29:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.05.08 19:28:31 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.08 19:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.08 19:27:55 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.08 18:59:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.08 16:12:24 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.08 16:11:19 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Alex\Desktop\mbam-setup.exe
[2011.05.08 15:54:47 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 15:54:47 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 14:34:55 | 000,001,150 | ---- | M] () -- C:\Users\Alex\Desktop\18 Wheels of Steel Voll aufs Gas.lnk
[2011.05.07 21:26:51 | 734,197,760 | ---- | M] () -- C:\Users\Alex\Desktop\crow-ikdf-b.avi
[2011.05.07 20:59:35 | 734,466,048 | ---- | M] () -- C:\Users\Alex\Desktop\crow-ikdf-a.avi
[2011.04.25 20:38:33 | 000,001,189 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\vso_ts_preview.xml
[2011.04.18 21:48:47 | 000,008,192 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 13:20:31 | 000,472,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.09 18:55:28 | 000,179,261 | ---- | M] () -- C:\Windows\System32\xlive.dll.cat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.08 16:12:24 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.08 14:34:55 | 000,001,150 | ---- | C] () -- C:\Users\Alex\Desktop\18 Wheels of Steel Voll aufs Gas.lnk
[2011.05.07 21:00:49 | 734,197,760 | ---- | C] () -- C:\Users\Alex\Desktop\crow-ikdf-b.avi
[2011.05.07 20:49:17 | 734,466,048 | ---- | C] () -- C:\Users\Alex\Desktop\crow-ikdf-a.avi
[2011.04.15 22:58:31 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.12 13:49:59 | 000,000,040 | ---- | C] () -- C:\Windows\IVANOFF.INI
[2011.02.23 14:55:40 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.02.23 14:55:40 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.02.23 14:55:40 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.02.23 14:50:19 | 000,017,408 | ---- | C] () -- C:\Users\Alex\AppData\Local\WebpageIcons.db
[2011.02.21 17:30:34 | 000,000,017 | ---- | C] () -- C:\Users\Alex\AppData\Local\resmon.resmoncfg
[2011.02.21 17:24:11 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.02.13 19:26:59 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2011.02.13 19:26:52 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011.02.13 19:26:48 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2011.02.09 16:06:10 | 000,008,192 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.04 22:18:07 | 000,001,189 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\vso_ts_preview.xml
[2011.02.04 22:16:06 | 000,087,608 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\inst.exe
[2011.02.04 22:16:06 | 000,007,887 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.cat
[2011.02.04 22:16:06 | 000,001,144 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.inf
[2011.02.02 19:04:03 | 000,007,648 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2011.01.30 12:50:32 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.01.28 13:45:31 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.01.24 19:37:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.24 16:43:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.23 20:53:29 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2011.01.23 20:36:57 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcginst.dll
[2011.01.23 19:51:58 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.01.23 19:51:58 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.01.23 19:17:20 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.01.23 18:17:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.18 14:40:28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\hpputoar.dll
[2009.10.07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.07.14 10:47:43 | 000,696,132 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,147,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,472,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,651,450 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,120,382 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.07.26 15:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.02.07 11:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007.09.14 12:23:21 | 000,114,973 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.09.14 12:19:57 | 000,003,758 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007.09.14 12:14:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.09.14 12:10:58 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007.09.14 12:10:58 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.07.19 17:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.02.22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcgcoin.dll
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005.08.18 07:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll
[2005.03.13 15:32:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcgcnv4.dll
 
========== LOP Check ==========
 
[2011.04.28 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft
[2011.02.23 14:56:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\concept design
[2011.04.18 19:02:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2011.04.18 17:16:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.21 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FOG Downloader
[2011.04.15 22:58:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack
[2011.01.23 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2011.02.23 15:57:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\My Games
[2011.01.24 18:31:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\T-Online
[2011.04.25 20:38:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vso
[2011.01.23 21:20:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Western Digital
[2011.03.21 13:50:52 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.28 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft
[2011.01.27 22:28:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Adobe
[2011.01.26 07:19:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AdobeUM
[2011.03.17 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Apple Computer
[2011.02.23 14:56:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\concept design
[2011.04.29 21:22:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\dvdcss
[2011.04.18 19:02:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2011.04.18 17:16:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.21 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FOG Downloader
[2011.04.15 22:58:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack
[2011.01.23 19:14:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Hewlett-Packard
[2011.01.24 21:25:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Identities
[2011.03.19 13:29:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\InstallShield
[2011.02.09 20:09:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Kaspersky Lab
[2011.01.23 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2011.01.23 19:14:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Macromedia
[2011.05.08 16:12:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Media Center Programs
[2011.03.06 13:42:45 | 000,000,000 | --SD | M] -- C:\Users\Alex\AppData\Roaming\Microsoft
[2011.01.25 20:36:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla
[2011.02.23 15:57:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\My Games
[2011.03.06 12:13:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nero
[2011.02.23 15:00:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Real
[2011.01.25 19:47:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Roxio
[2011.04.28 16:46:36 | 000,000,000 | RH-D | M] -- C:\Users\Alex\AppData\Roaming\SecuROM
[2011.05.08 19:30:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Skype
[2011.05.08 19:28:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\skypePM
[2011.01.24 18:31:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\T-Online
[2011.04.16 20:04:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\vlc
[2011.04.25 20:38:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vso
[2011.01.23 21:20:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Western Digital
[2011.01.28 13:41:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.02.04 22:16:06 | 000,087,608 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\inst.exe
[2011.03.06 13:42:45 | 000,010,134 | R--- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.10.26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.10.26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_x86_neutral_cdb69d95ece5b4d2\nvstor32.sys
[2007.07.02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\$WINDOWS.~Q\DATA\WINDOWS\System32\drivers\nvstor32.sys
[2007.07.02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\hp\DRIVERS\NVIDIA_Serial_ATA\nvstor32.sys
[2007.07.02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_4c538222d3e1d392\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys
[2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys
[2011.01.23 19:51:00 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys
[2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.10.05 21:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >

< End of report >

Kangoo96 08.05.2011 19:04
Extras.txt:

Code:
OTL Extras logfile created on: 08.05.2011 19:32:02 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Alex\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,45 Gb Total Space | 180,63 Gb Free Space | 39,40% Space Free | Partition Type: NTFS
Drive D: | 7,31 Gb Total Space | 0,94 Gb Free Space | 12,82% Space Free | Partition Type: NTFS
Drive K: | 465,76 Gb Total Space | 136,91 Gb Free Space | 29,40% Space Free | Partition Type: NTFS
Drive M: | 1512,36 Gb Total Space | 389,71 Gb Free Space | 25,77% Space Free | Partition Type: NTFS
Drive N: | 350,00 Gb Total Space | 277,78 Gb Free Space | 79,37% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}" = HP Total Care Advisor
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = concept/design onlineTV 6
"{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{775B9052-3517-47FA-817D-1BB28363D43A}" = muvee autoProducer 6.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A7BF5297-3E74-11D5-B00F-00104B398D77}" = QuarkXPress Passport 5.0
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{e715db8d-ae23-4488-8336-65d2a99baf1e}" = Nero MediaHome 4 Trial
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"18 Wheels of Steel: Voll aufs Gas" = 18 Wheels of Steel: Voll aufs Gas
"18 WoS Extreme Trucker" = 18 WoS Extreme Trucker 1.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"AnyDVD" = AnyDVD
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"Free Studio_is1" = Free Studio version 5.0.8
"Genius Physik" = Genius Physik (remove only)
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"InstallShield_{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Lexmark 2300 Series" = Lexmark 2300 Series
"Magnus" = Max 1
"Magnus2" = Max 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Post T Arnhem 1965 DEMO" = Post T Arnhem 1965 DEMO
"RealPlayer 12.0" = RealPlayer
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.8
"WinRAR archiver" = WinRAR
"WolfTeam-DE" = WolfTeam-DE
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ed20d589efc856e0" = WindowsApplication1
"netWatten" = netWatten
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

cosinus 09.05.2011 11:30
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [RGSC]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bc1b13fa-271e-11e0-977e-001d60b6381c}\Shell - "" = AutoRun
O33 - MountPoints2\{bc1b13fa-271e-11e0-977e-001d60b6381c}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Kangoo96 09.05.2011 18:34
Hier das Log:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc1b13fa-271e-11e0-977e-001d60b6381c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc1b13fa-271e-11e0-977e-001d60b6381c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc1b13fa-271e-11e0-977e-001d60b6381c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc1b13fa-271e-11e0-977e-001d60b6381c}\ not found.
File "L:\WD SmartWare.exe" autoplay=true not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Alex
->Temp folder emptied: 2771193793 bytes
->Temporary Internet Files folder emptied: 85769959 bytes
->Java cache emptied: 5937242 bytes
->FireFox cache emptied: 50434961 bytes
->Flash cache emptied: 68763 bytes
 
User: Alexander
->Temp folder emptied: 43145 bytes
->Temporary Internet Files folder emptied: 2984317 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85518170 bytes
->Flash cache emptied: 1789 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NeroMediaHomeUser.4
->Temp folder emptied: 7192 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1388544 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3302863140 bytes
RecycleBin emptied: 2019590434 bytes
 
Total Files Cleaned = 7.940,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05092011_154819

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 09.05.2011 19:17
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Kangoo96 09.05.2011 20:20
Kaspesky Log:

Code:
2011/05/09 21:18:56.0025 8048        TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16
2011/05/09 21:18:56.0040 8048        ================================================================================
2011/05/09 21:18:56.0040 8048        SystemInfo:
2011/05/09 21:18:56.0040 8048       
2011/05/09 21:18:56.0040 8048        OS Version: 6.1.7600 ServicePack: 0.0
2011/05/09 21:18:56.0040 8048        Product type: Workstation
2011/05/09 21:18:56.0040 8048        ComputerName: ALEX-PC
2011/05/09 21:18:56.0040 8048        UserName: Alex
2011/05/09 21:18:56.0040 8048        Windows directory: C:\Windows
2011/05/09 21:18:56.0040 8048        System windows directory: C:\Windows
2011/05/09 21:18:56.0040 8048        Processor architecture: Intel x86
2011/05/09 21:18:56.0040 8048        Number of processors: 2
2011/05/09 21:18:56.0040 8048        Page size: 0x1000
2011/05/09 21:18:56.0040 8048        Boot type: Normal boot
2011/05/09 21:18:56.0040 8048        ================================================================================
2011/05/09 21:19:05.0728 8048        Initialize success
2011/05/09 21:19:10.0798 4484        ================================================================================
2011/05/09 21:19:10.0798 4484        Scan started
2011/05/09 21:19:10.0798 4484        Mode: Manual;
2011/05/09 21:19:10.0798 4484        ================================================================================
2011/05/09 21:19:11.0437 4484        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/09 21:19:11.0500 4484        3xHybrid        (55e1acba424e14af3523df741d86f60a) C:\Windows\system32\DRIVERS\3xHybrid.sys
2011/05/09 21:19:11.0578 4484        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/09 21:19:11.0625 4484        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/09 21:19:11.0718 4484        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/09 21:19:11.0843 4484        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/09 21:19:11.0890 4484        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/09 21:19:11.0968 4484        AFD            (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/09 21:19:11.0999 4484        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/09 21:19:12.0046 4484        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/09 21:19:12.0124 4484        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/09 21:19:12.0155 4484        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/05/09 21:19:12.0202 4484        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/09 21:19:12.0233 4484        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/09 21:19:12.0280 4484        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/09 21:19:12.0342 4484        amdsata        (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/05/09 21:19:12.0389 4484        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/09 21:19:12.0467 4484        amdxata        (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/05/09 21:19:12.0545 4484        AnyDVD          (2859c5ec3943911bf1e6458089a75f35) C:\Windows\system32\Drivers\AnyDVD.sys
2011/05/09 21:19:12.0592 4484        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/05/09 21:19:12.0685 4484        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/09 21:19:12.0717 4484        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/09 21:19:12.0795 4484        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/09 21:19:12.0841 4484        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/09 21:19:12.0951 4484        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/09 21:19:12.0997 4484        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/09 21:19:13.0060 4484        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/09 21:19:13.0122 4484        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/09 21:19:13.0216 4484        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/09 21:19:13.0247 4484        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/09 21:19:13.0278 4484        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/09 21:19:13.0341 4484        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/09 21:19:13.0387 4484        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/09 21:19:13.0419 4484        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/09 21:19:13.0450 4484        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/09 21:19:13.0512 4484        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/09 21:19:13.0575 4484        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/09 21:19:13.0621 4484        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/09 21:19:13.0668 4484        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/09 21:19:13.0699 4484        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/09 21:19:13.0762 4484        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/09 21:19:13.0777 4484        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/09 21:19:13.0809 4484        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/09 21:19:13.0840 4484        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/09 21:19:13.0871 4484        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/09 21:19:13.0902 4484        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/09 21:19:13.0980 4484        DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/09 21:19:14.0027 4484        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/09 21:19:14.0058 4484        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/09 21:19:14.0121 4484        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/09 21:19:14.0167 4484        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/09 21:19:14.0386 4484        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/09 21:19:14.0557 4484        ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/05/09 21:19:14.0620 4484        ElbyCDIO        (64664287ca449c060fe46941dd67dd5f) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/09 21:19:14.0682 4484        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/09 21:19:14.0729 4484        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/09 21:19:14.0807 4484        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/09 21:19:14.0854 4484        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/09 21:19:14.0916 4484        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/09 21:19:14.0979 4484        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/09 21:19:15.0010 4484        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/09 21:19:15.0057 4484        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/09 21:19:15.0119 4484        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/09 21:19:15.0181 4484        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/09 21:19:15.0228 4484        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/09 21:19:15.0291 4484        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/09 21:19:15.0337 4484        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/09 21:19:15.0400 4484        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/09 21:19:15.0493 4484        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/05/09 21:19:15.0587 4484        HCW85BDA        (e73b3865f5bce5b445d18ef39380844a) C:\Windows\system32\drivers\HCW85BDA.sys
2011/05/09 21:19:15.0665 4484        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/09 21:19:15.0712 4484        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/09 21:19:15.0743 4484        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/09 21:19:15.0790 4484        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/09 21:19:15.0837 4484        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/09 21:19:15.0899 4484        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/09 21:19:16.0008 4484        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/09 21:19:16.0055 4484        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/09 21:19:16.0117 4484        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/09 21:19:16.0149 4484        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/09 21:19:16.0227 4484        iaStorV        (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/05/09 21:19:16.0289 4484        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/09 21:19:16.0461 4484        IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/09 21:19:16.0554 4484        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/09 21:19:16.0617 4484        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/09 21:19:16.0663 4484        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/09 21:19:16.0710 4484        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/09 21:19:16.0757 4484        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/09 21:19:16.0804 4484        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/09 21:19:16.0851 4484        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/09 21:19:16.0897 4484        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/09 21:19:16.0960 4484        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/09 21:19:16.0991 4484        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/09 21:19:17.0069 4484        KL1            (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
2011/05/09 21:19:17.0100 4484        kl2            (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
2011/05/09 21:19:17.0163 4484        KLIF            (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys
2011/05/09 21:19:17.0209 4484        KLIM6          (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
2011/05/09 21:19:17.0241 4484        klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/05/09 21:19:17.0287 4484        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/09 21:19:17.0334 4484        KSecPkg        (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/09 21:19:17.0443 4484        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/09 21:19:17.0521 4484        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/09 21:19:17.0568 4484        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/09 21:19:17.0599 4484        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/09 21:19:17.0646 4484        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/09 21:19:17.0693 4484        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/09 21:19:17.0740 4484        LVPr2Mon        (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/05/09 21:19:17.0802 4484        LVRS            (b895839b8743e400d7c7dae156f74e7e) C:\Windows\system32\DRIVERS\lvrs.sys
2011/05/09 21:19:17.0880 4484        LVUSBSta        (23f8ef78bb9553e465a476f3cee5ca18) C:\Windows\system32\drivers\LVUSBSta.sys
2011/05/09 21:19:17.0943 4484        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/09 21:19:17.0989 4484        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/09 21:19:18.0052 4484        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/09 21:19:18.0099 4484        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/09 21:19:18.0130 4484        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/09 21:19:18.0161 4484        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/09 21:19:18.0208 4484        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/09 21:19:18.0255 4484        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/09 21:19:18.0301 4484        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/09 21:19:18.0348 4484        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/09 21:19:18.0426 4484        mrxsmb          (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/09 21:19:18.0457 4484        mrxsmb10        (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/09 21:19:18.0504 4484        mrxsmb20        (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/09 21:19:18.0535 4484        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/09 21:19:18.0582 4484        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/09 21:19:18.0660 4484        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/09 21:19:18.0691 4484        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/09 21:19:18.0723 4484        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/09 21:19:18.0816 4484        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/09 21:19:18.0863 4484        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/09 21:19:18.0910 4484        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/09 21:19:18.0941 4484        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/09 21:19:18.0988 4484        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/09 21:19:19.0019 4484        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/09 21:19:19.0066 4484        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/09 21:19:19.0113 4484        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/09 21:19:19.0175 4484        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/09 21:19:19.0253 4484        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/09 21:19:19.0315 4484        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/09 21:19:19.0362 4484        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/09 21:19:19.0393 4484        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/09 21:19:19.0440 4484        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/09 21:19:19.0471 4484        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/09 21:19:19.0534 4484        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/09 21:19:19.0581 4484        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/09 21:19:19.0705 4484        netr73          (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys
2011/05/09 21:19:19.0783 4484        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/09 21:19:19.0830 4484        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/09 21:19:19.0893 4484        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/09 21:19:19.0986 4484        Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/05/09 21:19:20.0064 4484        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/09 21:19:20.0127 4484        NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/05/09 21:19:20.0454 4484        nvlddmkm        (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/09 21:19:20.0766 4484        NVNET          (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
2011/05/09 21:19:20.0844 4484        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/05/09 21:19:20.0891 4484        nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/05/09 21:19:20.0922 4484        nvstor32        (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/05/09 21:19:20.0985 4484        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/09 21:19:21.0047 4484        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/09 21:19:21.0141 4484        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/09 21:19:21.0172 4484        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/09 21:19:21.0234 4484        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/09 21:19:21.0281 4484        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/09 21:19:21.0312 4484        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/09 21:19:21.0359 4484        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/09 21:19:21.0406 4484        pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/05/09 21:19:21.0453 4484        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/09 21:19:21.0499 4484        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/09 21:19:21.0546 4484        pepifilter      (a05f0d7419cf4680eedd5736e6549e7b) C:\Windows\system32\DRIVERS\lv302af.sys
2011/05/09 21:19:21.0671 4484        Ph3xIB32        (8b7aec0aba77de5d2feac1824c15a3fa) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
2011/05/09 21:19:21.0827 4484        PID_PEPI        (4bb5ac2dd485b8eefccb977ee66a68ad) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/05/09 21:19:22.0030 4484        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/09 21:19:22.0061 4484        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/09 21:19:22.0139 4484        Ps2            (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/05/09 21:19:22.0186 4484        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/09 21:19:22.0217 4484        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/09 21:19:22.0295 4484        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/09 21:19:22.0389 4484        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/09 21:19:22.0420 4484        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/09 21:19:22.0467 4484        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/09 21:19:22.0529 4484        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/09 21:19:22.0576 4484        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/09 21:19:22.0623 4484        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/09 21:19:22.0654 4484        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/09 21:19:22.0701 4484        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/09 21:19:22.0747 4484        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/09 21:19:22.0779 4484        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/09 21:19:22.0857 4484        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/09 21:19:22.0888 4484        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/09 21:19:22.0935 4484        RDPWD          (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/09 21:19:22.0997 4484        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/09 21:19:23.0106 4484        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/09 21:19:23.0169 4484        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/09 21:19:23.0231 4484        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/09 21:19:23.0309 4484        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/09 21:19:23.0371 4484        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/09 21:19:23.0418 4484        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/09 21:19:23.0434 4484        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/09 21:19:23.0527 4484        sfdrv01        (4c0d673281178cb496011a2e28571fc8) C:\Windows\system32\drivers\sfdrv01.sys
2011/05/09 21:19:23.0559 4484        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/09 21:19:23.0590 4484        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/09 21:19:23.0621 4484        sffp_sd        (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/09 21:19:23.0637 4484        sfhlp02        (15be2b5e4dc5b8623cf167720682abc9) C:\Windows\system32\drivers\sfhlp02.sys
2011/05/09 21:19:23.0668 4484        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/09 21:19:23.0683 4484        sfsync02        (efebbc1d13fdb77a6af4eddfc7232edf) C:\Windows\system32\drivers\sfsync02.sys
2011/05/09 21:19:23.0730 4484        sfvfs02        (4edf98028a05263b515b17b3e7b52509) C:\Windows\system32\drivers\sfvfs02.sys
2011/05/09 21:19:23.0761 4484        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/09 21:19:23.0808 4484        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/09 21:19:23.0839 4484        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/09 21:19:23.0871 4484        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/09 21:19:23.0917 4484        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/09 21:19:23.0995 4484        srv            (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/09 21:19:24.0058 4484        srv2            (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/09 21:19:24.0105 4484        srvnet          (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/09 21:19:24.0198 4484        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/09 21:19:24.0261 4484        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/09 21:19:24.0401 4484        Tcpip          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/09 21:19:24.0510 4484        TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/09 21:19:24.0573 4484        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/09 21:19:24.0619 4484        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/09 21:19:24.0666 4484        TDTCP          (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/09 21:19:24.0697 4484        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/09 21:19:24.0744 4484        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/09 21:19:24.0869 4484        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/09 21:19:24.0931 4484        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/09 21:19:24.0963 4484        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/09 21:19:25.0009 4484        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/09 21:19:25.0103 4484        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/09 21:19:25.0134 4484        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/09 21:19:25.0181 4484        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/09 21:19:25.0290 4484        USBAAPL        (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/09 21:19:25.0337 4484        usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/05/09 21:19:25.0384 4484        usbccgp        (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/09 21:19:25.0431 4484        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/09 21:19:25.0477 4484        usbehci        (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/09 21:19:25.0524 4484        usbhub          (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/09 21:19:25.0571 4484        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/09 21:19:25.0602 4484        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/09 21:19:25.0665 4484        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/09 21:19:25.0711 4484        USBSTOR        (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/09 21:19:25.0758 4484        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/09 21:19:25.0852 4484        VClone          (e986f81fa0b3aed21f188a0fd044d80e) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/09 21:19:25.0899 4484        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/09 21:19:25.0945 4484        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/09 21:19:25.0992 4484        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/09 21:19:26.0039 4484        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/09 21:19:26.0101 4484        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/09 21:19:26.0133 4484        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/09 21:19:26.0179 4484        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/09 21:19:26.0226 4484        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/09 21:19:26.0273 4484        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/09 21:19:26.0335 4484        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/09 21:19:26.0382 4484        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/09 21:19:26.0445 4484        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/09 21:19:26.0491 4484        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/09 21:19:26.0538 4484        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/09 21:19:26.0585 4484        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 21:19:26.0616 4484        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 21:19:26.0679 4484        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/09 21:19:26.0725 4484        WDC_SAM        (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
2011/05/09 21:19:26.0757 4484        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/09 21:19:26.0850 4484        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/09 21:19:26.0881 4484        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/09 21:19:26.0991 4484        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/09 21:19:27.0037 4484        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/09 21:19:27.0115 4484        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/09 21:19:27.0162 4484        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/09 21:19:27.0193 4484        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/09 21:19:27.0334 4484        ================================================================================
2011/05/09 21:19:27.0334 4484        Scan finished
2011/05/09 21:19:27.0334 4484        ================================================================================

cosinus 10.05.2011 09:47
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Kangoo96 10.05.2011 12:47
Hier das cofi-Log:

Code:
ComboFix 11-05-09.02 - Alex 10.05.2011  13:33:39.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3071.2020 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\cofi.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\inst.exe
c:\windows\system32\jusched.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-10 bis 2011-05-10  ))))))))))))))))))))))))))))))
.
.
2011-05-10 11:43 . 2011-05-10 11:43        --------        d-----w-        c:\users\Alex\AppData\Local\temp
2011-05-10 11:26 . 2011-05-10 11:26        --------        d-----w-        c:\program files\CCleaner
2011-05-09 13:48 . 2011-05-09 13:48        --------        d-----w-        C:\_OTL
2011-05-08 14:12 . 2011-05-08 14:12        --------        d-----w-        c:\users\Alex\AppData\Roaming\Malwarebytes
2011-05-08 14:12 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-08 14:12 . 2011-05-08 14:12        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-08 14:12 . 2011-05-08 14:12        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-08 14:12 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-08 12:34 . 2011-05-08 12:34        --------        d-----w-        c:\program files\18 WoS Voll aufs Gas
2011-05-06 11:32 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6B93263-E3AB-426A-ADD7-AB33A66AD44E}\mpengine.dll
2011-05-04 14:07 . 2011-05-04 14:08        --------        d-----w-        c:\users\Alex\AppData\Local\Microsoft Games
2011-04-28 16:51 . 2011-05-08 10:30        --------        d-----w-        c:\programdata\TrackMania
2011-04-28 14:59 . 2011-04-28 14:59        --------        d-sh--w-        c:\programdata\SecuROM
2011-04-28 14:56 . 2009-03-16 12:18        69448        ----a-w-        c:\windows\system32\XAPOFX1_3.dll
2011-04-28 14:56 . 2009-03-16 12:18        517448        ----a-w-        c:\windows\system32\XAudio2_4.dll
2011-04-28 14:56 . 2009-03-16 12:18        235352        ----a-w-        c:\windows\system32\xactengine3_4.dll
2011-04-28 14:56 . 2009-03-09 13:27        4178264        ----a-w-        c:\windows\system32\D3DX9_41.dll
2011-04-28 14:56 . 2009-03-16 12:18        22360        ----a-w-        c:\windows\system32\X3DAudio1_6.dll
2011-04-28 14:46 . 2011-04-28 14:46        --------        d--h--r-        c:\users\Alex\AppData\Roaming\SecuROM
2011-04-27 05:11 . 2011-02-18 05:33        31232        ----a-w-        c:\windows\system32\prevhost.exe
2011-04-27 05:10 . 2011-03-11 05:44        146304        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-04-27 05:10 . 2011-03-11 05:44        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-04-27 05:10 . 2011-03-11 05:44        1210240        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-04-27 05:10 . 2011-03-11 05:44        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-04-27 05:10 . 2011-03-11 05:43        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-04-27 05:10 . 2011-03-11 05:39        1686016        ----a-w-        c:\windows\system32\esent.dll
2011-04-27 05:10 . 2011-03-11 05:43        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-04-27 05:10 . 2011-03-11 05:43        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-04-27 05:10 . 2011-03-11 05:37        74240        ----a-w-        c:\windows\system32\fsutil.exe
2011-04-27 05:10 . 2011-03-12 11:31        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-27 05:10 . 2011-02-26 05:33        2614784        ----a-w-        c:\windows\explorer.exe
2011-04-18 15:15 . 2011-04-18 17:02        --------        d-----w-        c:\users\Alex\AppData\Roaming\DVDVideoSoft
2011-04-18 10:41 . 2011-04-18 12:23        --------        d-----w-        C:\Referat
2011-04-17 09:36 . 2011-04-29 19:22        --------        d-----w-        c:\users\Alex\AppData\Roaming\dvdcss
2011-04-15 21:01 . 2011-04-18 15:16        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2011-04-15 21:01 . 2011-04-18 15:15        --------        d-----w-        c:\program files\DVDVideoSoft
2011-04-15 20:51 . 2011-04-15 20:51        --------        d-----w-        c:\program files\eRightSoft
2011-04-14 11:24 . 2011-02-23 05:05        309760        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-04-14 11:24 . 2011-02-23 05:06        311296        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-04-14 11:24 . 2011-02-23 05:05        113664        ----a-w-        c:\windows\system32\drivers\srvnet.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 15:00 . 2009-08-18 10:30        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-28 15:00 . 2009-08-18 10:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-15 04:17 . 2011-02-04 20:07        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-15 04:17 . 2011-02-10 13:25        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-11 04:11 . 2011-04-04 03:38        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-11 04:11 . 2011-02-04 20:06        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-11 04:11 . 2011-02-10 13:25        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\system32\xlivefnt.dll
2011-04-08 04:43 . 2011-02-04 20:06        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-19 05:33 . 2011-03-09 15:36        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 15:36        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 15:36        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-18 15:36 . 2011-02-18 15:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-02-11 20:47 . 2011-02-11 20:47        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-5\markup.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"EADM"="c:\program files\Electronic Arts\EADM\EADMUI.exe" [2011-03-03 11509760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-29 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-29 103344]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-02-23 273544]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-1-23 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-07 3549224]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 3xHybrid;CTX SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2009-09-24 1006816]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 netr73;USB-Drahtlos-802.11 b/g-Adaptertreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 08:48]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 08:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t7fkiur8.default\
FF - prefs.js: browser.search.selectedEngine - iload.to
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-RGSC - c:\program files\Spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4146598908-1969735870-1766285717-1000\Software\SecuROM\License information*]
"datasecu"=hex:b1,a3,0a,37,f4,69,89,17,f0,fe,c6,50,46,f3,d9,07,f7,10,16,d4,6b,
  7c,63,61,55,60,45,40,95,b4,fc,20,8b,87,c2,5c,8e,ca,5b,11,52,5b,e3,81,dc,93,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-10  13:44:49
ComboFix-quarantined-files.txt  2011-05-10 11:44
.
Vor Suchlauf: 11 Verzeichnis(se), 201.278.644.224 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 201.201.664.000 Bytes frei
.
- - End Of File - - 6802386696D4201F4EA9B2E737086261

cosinus 10.05.2011 13:07
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.
Code:
File::
c:\windows\system32\drivers\EagleXNt.sys

Driver::
EagleXNt
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Kangoo96 10.05.2011 13:41
Hier das neue Log-File:

Code:
ComboFix 11-05-09.02 - Alex 10.05.2011  14:12:38.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3071.1879 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Alex\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\EagleXNt.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAGLEXNT
-------\Service_EagleXNt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-10 bis 2011-05-10  ))))))))))))))))))))))))))))))
.
.
2011-05-10 12:25 . 2011-05-10 12:27        --------        d-----w-        c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2011-05-10 12:25 . 2011-05-10 12:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-10 11:31 . 2011-05-10 11:44        --------        d-----w-        C:\cofi
2011-05-10 11:26 . 2011-05-10 11:26        --------        d-----w-        c:\program files\CCleaner
2011-05-09 13:48 . 2011-05-09 13:48        --------        d-----w-        C:\_OTL
2011-05-08 14:12 . 2011-05-08 14:12        --------        d-----w-        c:\users\Alex\AppData\Roaming\Malwarebytes
2011-05-08 14:12 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-08 14:12 . 2011-05-08 14:12        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-08 14:12 . 2011-05-08 14:12        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-08 14:12 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-08 12:34 . 2011-05-08 12:34        --------        d-----w-        c:\program files\18 WoS Voll aufs Gas
2011-05-06 11:32 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6B93263-E3AB-426A-ADD7-AB33A66AD44E}\mpengine.dll
2011-05-04 14:07 . 2011-05-04 14:08        --------        d-----w-        c:\users\Alex\AppData\Local\Microsoft Games
2011-04-28 16:51 . 2011-05-08 10:30        --------        d-----w-        c:\programdata\TrackMania
2011-04-28 14:59 . 2011-04-28 14:59        --------        d-sh--w-        c:\programdata\SecuROM
2011-04-28 14:56 . 2009-03-16 12:18        69448        ----a-w-        c:\windows\system32\XAPOFX1_3.dll
2011-04-28 14:56 . 2009-03-16 12:18        517448        ----a-w-        c:\windows\system32\XAudio2_4.dll
2011-04-28 14:56 . 2009-03-16 12:18        235352        ----a-w-        c:\windows\system32\xactengine3_4.dll
2011-04-28 14:56 . 2009-03-09 13:27        4178264        ----a-w-        c:\windows\system32\D3DX9_41.dll
2011-04-28 14:56 . 2009-03-16 12:18        22360        ----a-w-        c:\windows\system32\X3DAudio1_6.dll
2011-04-28 14:46 . 2011-04-28 14:46        --------        d--h--r-        c:\users\Alex\AppData\Roaming\SecuROM
2011-04-27 05:11 . 2011-02-18 05:33        31232        ----a-w-        c:\windows\system32\prevhost.exe
2011-04-27 05:10 . 2011-03-11 05:44        146304        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-04-27 05:10 . 2011-03-11 05:44        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-04-27 05:10 . 2011-03-11 05:44        1210240        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-04-27 05:10 . 2011-03-11 05:44        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-04-27 05:10 . 2011-03-11 05:43        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-04-27 05:10 . 2011-03-11 05:39        1686016        ----a-w-        c:\windows\system32\esent.dll
2011-04-27 05:10 . 2011-03-11 05:43        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-04-27 05:10 . 2011-03-11 05:43        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-04-27 05:10 . 2011-03-11 05:37        74240        ----a-w-        c:\windows\system32\fsutil.exe
2011-04-27 05:10 . 2011-03-12 11:31        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-27 05:10 . 2011-02-26 05:33        2614784        ----a-w-        c:\windows\explorer.exe
2011-04-18 15:15 . 2011-04-18 17:02        --------        d-----w-        c:\users\Alex\AppData\Roaming\DVDVideoSoft
2011-04-18 10:41 . 2011-04-18 12:23        --------        d-----w-        C:\Referat
2011-04-17 09:36 . 2011-04-29 19:22        --------        d-----w-        c:\users\Alex\AppData\Roaming\dvdcss
2011-04-15 21:01 . 2011-04-18 15:16        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2011-04-15 21:01 . 2011-04-18 15:15        --------        d-----w-        c:\program files\DVDVideoSoft
2011-04-15 20:51 . 2011-04-15 20:51        --------        d-----w-        c:\program files\eRightSoft
2011-04-14 11:24 . 2011-02-23 05:05        309760        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-04-14 11:24 . 2011-02-23 05:06        311296        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-04-14 11:24 . 2011-02-23 05:05        113664        ----a-w-        c:\windows\system32\drivers\srvnet.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 15:00 . 2009-08-18 10:30        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-28 15:00 . 2009-08-18 10:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-15 04:17 . 2011-02-04 20:07        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-15 04:17 . 2011-02-10 13:25        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-11 04:11 . 2011-04-04 03:38        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-11 04:11 . 2011-02-04 20:06        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-11 04:11 . 2011-02-10 13:25        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\system32\xlivefnt.dll
2011-04-08 04:43 . 2011-02-04 20:06        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-19 05:33 . 2011-03-09 15:36        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 15:36        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 15:36        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-18 15:36 . 2011-02-18 15:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-02-11 20:47 . 2011-02-11 20:47        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-5\markup.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"EADM"="c:\program files\Electronic Arts\EADM\EADMUI.exe" [2011-03-03 11509760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-29 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-29 103344]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-02-23 273544]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-1-23 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-07 3549224]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 3xHybrid;CTX SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2009-09-24 1006816]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 netr73;USB-Drahtlos-802.11 b/g-Adaptertreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 08:48]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 08:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t7fkiur8.default\
FF - prefs.js: browser.search.selectedEngine - iload.to
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4146598908-1969735870-1766285717-1000\Software\SecuROM\License information*]
"datasecu"=hex:b1,a3,0a,37,f4,69,89,17,f0,fe,c6,50,46,f3,d9,07,f7,10,16,d4,6b,
  7c,63,61,55,60,45,40,95,b4,fc,20,8b,87,c2,5c,8e,ca,5b,11,52,5b,e3,81,dc,93,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\schtasks.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-10  14:40:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-10 12:40
ComboFix2.txt  2011-05-10 11:44
.
Vor Suchlauf: 19 Verzeichnis(se), 201.242.181.632 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 200.741.298.176 Bytes frei
.
- - End Of File - - DF390F949202FDE660D4A9021D21D94D

cosinus 10.05.2011 14:09
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Kangoo96 10.05.2011 14:27
GMER hat sich aufgehangen!

Osam Log:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:25:31 on 10.05.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"catchme" (catchme) - ? - C:\Users\Alex\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\Windows\System32\drivers\sfvfs02.sys
"VClone" (VClone) - "Elaborate Bytes AG" - C:\Windows\System32\DRIVERS\VClone.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows" - "Microsoft Corporation" - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "{F9DB5320-233E-11D1-9F84-707F02C10627}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acrobat Assistant.lnk" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe  (Shortcut exists | File exists)
"Adobe Gamma Loader.exe.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"WDDMStatus.lnk" - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe  (Shortcut exists | File exists)
"WDSmartWare.lnk" - "Western Digital" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"EADM" - "Electronic Arts" - "C:\Program Files\Electronic Arts\EADM\EADMUI.exe"
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"CloneCDTray" - "SlySoft, Inc." - "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"EzPrint" - "Lexmark International Inc." - "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard Co." - c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpsysdrv" - "Hewlett-Packard Company" - c:\hp\support\hpsysdrv.exe
"HPUsageTracking" - "Hewlett-Packard Company" - C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"KBD" - ? - C:\HP\KBD\KbdStub.EXE  (File found, but it contains no detailed information)
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"lxcgmon.exe" - "Lexmark International, Inc." - "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Nero MediaHome 4" - "Nero AG" - "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
"OsdMaestro" - "OsdMaestro" - "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateReg" - "Sun Microsystems, Inc." - "C:\Windows\system32\jureg.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_3f211bc.dll  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Chasis Button Service" (HPBtnSrv) - ? - c:\hp\HPEZBTN\HPBtnSrv.exe  (File found, but it contains no detailed information)
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero MediaHome 4 Service" (NeroMediaHomeService.4) - "Nero AG" - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"WD SmartWare Background Service" (WDSmartWareBackgroundService) - "Memeo" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
"WD SmartWare Drive Manager" (WDDMService) - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


-----------------------------------------------------------------


MBR-Check-Log:

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        ASUSTek Computer INC.
BIOS Manufacturer:                Phoenix Technologies, LTD
System Manufacturer:                HP-Pavilion
System Product Name:                GU557AA-ABD m9070.de
Logical Drives Mask:                0x00003ffc

Kernel Drivers (total 216):
  0x82E42000 \SystemRoot\system32\ntkrnlpa.exe
  0x82E0B000 \SystemRoot\system32\halmacpi.dll
  0x80B98000 \SystemRoot\system32\kdcom.dll
  0x83831000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x8383C000 \SystemRoot\system32\PSHED.dll
  0x8384D000 \SystemRoot\system32\BOOTVID.dll
  0x83855000 \SystemRoot\system32\CLFS.SYS
  0x83897000 \SystemRoot\system32\CI.dll
  0x83942000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x839B3000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x83A16000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x83A5E000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x83A67000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x83A6F000 \SystemRoot\system32\DRIVERS\pci.sys
  0x83A99000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x83AA4000 \SystemRoot\System32\drivers\partmgr.sys
  0x83AB5000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x83AC5000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83B10000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x83B17000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x83B25000 \SystemRoot\System32\drivers\mountmgr.sys
  0x83B44000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x83B4D000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x83B70000 \SystemRoot\system32\drivers\nvstor.sys
  0x83B95000 \SystemRoot\system32\drivers\storport.sys
  0x83BDC000 \SystemRoot\system32\DRIVERS\nvstor32.sys
  0x83A00000 \SystemRoot\system32\drivers\amdxata.sys
  0x839C1000 \SystemRoot\system32\drivers\fltmgr.sys
  0x83800000 \SystemRoot\system32\drivers\fileinfo.sys
  0x83A09000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8B804000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B933000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B95E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B971000 \SystemRoot\System32\Drivers\cng.sys
  0x8B9CE000 \SystemRoot\System32\drivers\pcw.sys
  0x8B9DC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8BA0D000 \SystemRoot\system32\drivers\ndis.sys
  0x8BAC4000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8BB02000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8BC0E000 \SystemRoot\System32\drivers\tcpip.sys
  0x8BD57000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8BD88000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8BDC7000 \SystemRoot\System32\Drivers\spldr.sys
  0x8BDE3000 \SystemRoot\System32\drivers\sfhlp02.sys
  0x8BB27000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8BB54000 \SystemRoot\System32\Drivers\mup.sys
  0x8BE1C000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x8C33E000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8C346000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8C378000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8C389000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8C3F3000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x8BB64000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8BB8A000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x91837000 \SystemRoot\system32\DRIVERS\klif.sys
  0x918BA000 \SystemRoot\System32\Drivers\Null.SYS
  0x918C1000 \SystemRoot\System32\Drivers\Beep.SYS
  0x918C8000 \SystemRoot\System32\drivers\vga.sys
  0x918D4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x918F5000 \SystemRoot\System32\drivers\watchdog.sys
  0x91902000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x9190A000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x91912000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x9191A000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x91925000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x91933000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x9194A000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x91955000 \SystemRoot\system32\DRIVERS\kl2.sys
  0x9195B000 \SystemRoot\system32\drivers\afd.sys
  0x919B5000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x919E7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x91800000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x9181F000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x919EE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x91827000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8BE00000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8BDCF000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8BBA9000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8BDEB000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8BDF5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8BC00000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x8BBEA000 \SystemRoot\System32\drivers\discache.sys
  0x8B9E5000 \SystemRoot\System32\Drivers\dfsc.sys
  0x83811000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x92438000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x92459000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x9246B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x92483000 \SystemRoot\system32\DRIVERS\PS2.sys
  0x92488000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x92495000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x9249F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x924EA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x924F9000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x92C2E000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
  0x92D23000 \SystemRoot\system32\DRIVERS\ks.sys
  0x92D57000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
  0x92D5A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x92D79000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
  0x92D80000 \SystemRoot\System32\Drivers\AnyDVD.sys
  0x92D99000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x92D9F000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
  0x94C00000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x955FA000 \SystemRoot\System32\Drivers\nvBridge.kmd
  0x92530000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x94422000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9445B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x94468000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x9447A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x94492000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x9449D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x944BF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x944D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x944EE000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x94505000 \SystemRoot\System32\Drivers\pcouffin.sys
  0x94511000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x9451E000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x94520000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x9452E000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x9453C000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x94580000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x82629000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x828C6000 \SystemRoot\system32\drivers\portcls.sys
  0x828F5000 \SystemRoot\system32\drivers\drmk.sys
  0x9B750000 \SystemRoot\System32\win32k.sys
  0x8290E000 \SystemRoot\System32\drivers\Dxapi.sys
  0x82918000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x82925000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x8292F000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
  0x8294C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x8295D000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9B9B0000 \SystemRoot\System32\TSDDD.dll
  0x82968000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x8297F000 \SystemRoot\system32\drivers\USBD.SYS
  0x9B9E0000 \SystemRoot\System32\cdd.dll
  0x82981000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x82998000 \SystemRoot\system32\drivers\LVUSBSta.sys
  0x9DC0D000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
  0x9DE7F000 \SystemRoot\system32\DRIVERS\lv302af.sys
  0x9DE81000 \SystemRoot\system32\drivers\usbaudio.sys
  0x9DE95000 \SystemRoot\system32\DRIVERS\lvrs.sys
  0x9DF2D000 \SystemRoot\system32\drivers\luafv.sys
  0x9DF48000 \SystemRoot\system32\drivers\WudfPf.sys
  0x9DF62000 \SystemRoot\system32\DRIVERS\netr73.sys
  0x9DFF0000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9DC00000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x829A1000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x829E7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x82600000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9DC0A000 \SystemRoot\system32\DRIVERS\wdcsam.sys
  0x9FE2C000 \SystemRoot\system32\drivers\HTTP.sys
  0x9FEB1000 \SystemRoot\system32\DRIVERS\usbcir.sys
  0x9FECC000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x9FEDA000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x9FEE5000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x9FEF0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9FF03000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x9FF0A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9FF16000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9FF21000 \SystemRoot\system32\DRIVERS\klmouflt.sys
  0x9FF2A000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x9FF39000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9FF52000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9FF64000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9FF87000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9FFC2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9FE00000 \SystemRoot\System32\Drivers\usbaapl.sys
  0xA9819000 \SystemRoot\system32\drivers\peauth.sys
  0xA98B0000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA98BA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA98DB000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA98E8000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA9937000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA9989000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
  0x9B600000 \SystemRoot\System32\ATMFD.DLL
  0xA998E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x94591000 \SystemRoot\system32\drivers\spsys.sys
  0xA99AF000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x77100000 \Windows\System32\ntdll.dll
  0x481F0000 \Windows\System32\smss.exe
  0x77340000 \Windows\System32\apisetschema.dll
  0x00DD0000 \Windows\System32\autochk.exe
  0x77260000 \Windows\System32\msctf.dll
  0x770B0000 \Windows\System32\Wldap32.dll
  0x76FE0000 \Windows\System32\user32.dll
  0x76F80000 \Windows\System32\difxapi.dll
  0x76F00000 \Windows\System32\comdlg32.dll
  0x76E20000 \Windows\System32\kernel32.dll
  0x76DF0000 \Windows\System32\imagehlp.dll
  0x76D60000 \Windows\System32\oleaut32.dll
  0x77250000 \Windows\System32\nsi.dll
  0x77240000 \Windows\System32\psapi.dll
  0x76CB0000 \Windows\System32\msvcrt.dll
  0x76B50000 \Windows\System32\ole32.dll
  0x76B30000 \Windows\System32\sechost.dll
  0x76AF0000 \Windows\System32\ws2_32.dll
  0x769B0000 \Windows\System32\urlmon.dll
  0x75D60000 \Windows\System32\shell32.dll
  0x75D40000 \Windows\System32\imm32.dll
  0x75CE0000 \Windows\System32\shlwapi.dll
  0x75C40000 \Windows\System32\advapi32.dll
  0x75BB0000 \Windows\System32\clbcatq.dll
  0x75AB0000 \Windows\System32\wininet.dll
  0x75910000 \Windows\System32\setupapi.dll
  0x75870000 \Windows\System32\usp10.dll
  0x75820000 \Windows\System32\gdi32.dll
  0x75770000 \Windows\System32\rpcrt4.dll
  0x75760000 \Windows\System32\normaliz.dll
  0x75560000 \Windows\System32\iertutil.dll
  0x75550000 \Windows\System32\lpk.dll
  0x75500000 \Windows\System32\KernelBase.dll
  0x753E0000 \Windows\System32\crypt32.dll
  0x75350000 \Windows\System32\comctl32.dll
  0x75320000 \Windows\System32\cfgmgr32.dll
  0x75300000 \Windows\System32\devobj.dll
  0x752D0000 \Windows\System32\wintrust.dll
  0x752C0000 \Windows\System32\msasn1.dll

Processes (total 87):
      0 System Idle Process
      4 System
    320 C:\Windows\System32\smss.exe
    484 csrss.exe
    544 C:\Windows\System32\wininit.exe
    552 csrss.exe
    604 C:\Windows\System32\services.exe
    628 C:\Windows\System32\winlogon.exe
    668 C:\Windows\System32\lsass.exe
    676 C:\Windows\System32\lsm.exe
    796 C:\Windows\System32\svchost.exe
    860 C:\Windows\System32\nvvsvc.exe
    900 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\audiodg.exe
    1232 C:\Windows\System32\svchost.exe
    1332 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1344 C:\Windows\System32\nvvsvc.exe
    1432 C:\Windows\System32\svchost.exe
    1644 C:\Windows\System32\spoolsv.exe
    1680 C:\Windows\System32\svchost.exe
    1804 C:\Windows\System32\svchost.exe
    1824 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1892 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    1976 C:\Program Files\Bonjour\mDNSResponder.exe
    2024 C:\hp\HPEZBTN\HPBtnSrv.exe
    356 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    492 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    556 C:\Windows\System32\lxcgcoms.exe
    1780 C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
    1732 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2052 C:\Windows\System32\svchost.exe
    2096 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2124 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2212 C:\Windows\System32\taskhost.exe
    2320 C:\Windows\explorer.exe
    2388 C:\Windows\System32\dwm.exe
    2456 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2660 HP1006MC.EXE
    3052 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3392 C:\Windows\System32\SearchIndexer.exe
    3584 C:\Windows\System32\svchost.exe
    3676 C:\Windows\System32\taskhost.exe
    3824 C:\Windows\System32\svchost.exe
    2468 C:\Windows\RtHDVCpl.exe
    3000 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3100 C:\hp\support\hpsysdrv.exe
    2916 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    2300 C:\Windows\System32\schtasks.exe
    2104 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    1560 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    1040 C:\Windows\System32\conhost.exe
    1092 C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    3988 C:\Program Files\Lexmark 2300 Series\ezprint.exe
    4220 C:\Program Files\HP\HP UT\bin\hppusg.exe
    4304 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4436 C:\Program Files\Real\RealPlayer\Update\realsched.exe
    4536 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    4724 C:\Program Files\iTunes\iTunesHelper.exe
    4824 C:\Program Files\Skype\Phone\Skype.exe
    4860 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    4956 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    5052 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    5064 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    5576 C:\Program Files\iPod\bin\iPodService.exe
    4488 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5536 WUDFHost.exe
    6040 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
    5264 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    5704 C:\Program Files\Nero\Update\NASvc.exe
    5000 C:\Windows\System32\sppsvc.exe
    1256 C:\Windows\System32\svchost.exe
    1952 C:\hp\KBD\kbd.exe
    6056 C:\Windows\System32\wuauclt.exe
    5336 WmiPrvSE.exe
    4992 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2616 C:\Windows\System32\SearchProtocolHost.exe
    5984 C:\Windows\System32\SearchFilterHost.exe
    5904 C:\Windows\System32\msdt.exe
    2900 dllhost.exe
    5804 dllhost.exe
    640 C:\Windows\System32\sdiagnhost.exe
    4988 C:\Users\Alex\Desktop\MBRCheck.exe
    2568 C:\Windows\System32\conhost.exe
    3232 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000072`9cae6000  (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000  (NTFS)
\\.\M: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000  (NTFS)
\\.\N: --> \\.\PhysicalDrive2 at offset 0x0000017a`17100000  (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.CH
PhysicalDrive1 Model Number: Ext HardDisk, Rev:
PhysicalDrive2 Model Number: WDMy Book 1111, Rev: 1032

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    465 GB  \\.\PhysicalDrive1  RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
  1862 GB  \\.\PhysicalDrive2  RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

cosinus 10.05.2011 15:07
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Kangoo96 10.05.2011 18:36
Malwarebytes Log:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6546

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.05.2011 19:34:46
mbam-log-2011-05-10 (19-34-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|M:\|N:\|)
Durchsuchte Objekte: 669003
Laufzeit: 2 Stunde(n), 32 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:59 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130