Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. (https://www.trojaner-board.de/98948-trojaner-tr-spy-spyeyes-hbk-netbook-samsung-nc10-plus-gefunden.html)

Alexa85 11.05.2011 13:42
Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden.
 
Hallo!
Ich habe vorgestern via AntiVir 3 Trojaner mit den folgenden Namen:
'TR/Spy.SpyEyes.hbk'
'EXP/2010-4452.D'
'TR/Spy.SpyEyes.hby'

auf meinem Netbook gefunden. Ich wurde beim Online-Banking aufgefordert 50 TANs einzugeben, habe das Online-Konto sofort sperren lassen.

Ich habe Load.exe ausgeführt und den Text von OTL und Extras unten beigefügt.
Der Scan von Gamer hat leider nicht vollständig funktioniert, daher konnte ich auch die nötige Textdatei nicht beifügen.
Problem: während dem Scan verschwand die Maus und das Netbook ist abgestürzt. Musste dann neustarten und habe es insgesamt 4 mal versucht, immer mit dem selben Resultat.

Dieses Netbook besitzt kein CD-Rom Laufwerk. Wie kann ich ein Samsung NC10 Plus formatieren? System-Wiederherstellung ist nicht ausreichend, ich möchte komplett formatieren.

Ich hoffe, ihr könnt mir weiterhelfen!
Vielen Dank im Voraus,
Alexa85


OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 5/10/2011 7:44:10 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Alexa\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,013.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 56.12 Gb Free Space | 66.02% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 4.71 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
 
Computer Name: ALEXA-PC | User Name: Alexa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/10 19:27:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
PRC - [2011/05/02 09:03:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/27 19:03:03 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/17 09:23:57 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/07 00:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/10/22 17:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2010/10/22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/08/02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/06/03 04:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe
PRC - [2010/05/11 17:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid\Vid.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/07 20:30:32 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/04/07 15:40:06 | 000,843,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/25 21:44:26 | 001,891,720 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/03/24 06:12:58 | 001,599,880 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2010/01/14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/30 08:59:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/09 10:56:00 | 000,099,632 | ---- | M] () -- C:\Program Files\Stardock\MyColors\WBVista.exe
PRC - [2009/06/09 10:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\MyColors\VistaSrv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/10 19:27:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
MOD - [2010/11/14 20:30:26 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/02/12 01:14:38 | 000,271,752 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDApix.dll
MOD - [2009/06/10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/27 19:03:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/17 09:23:57 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/09 10:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/03/17 09:23:57 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 23:39:20 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/12 19:22:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/08/11 16:16:10 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2010/07/27 09:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2010/07/27 09:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/03/23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 09:03:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 09:03:14 | 000,000,000 | ---D | M]
 
[2010/11/12 16:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\mozilla\Extensions
[2011/05/09 21:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\mozilla\Firefox\Profiles\oybokiiu.default\extensions
[2010/12/27 10:06:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexa\AppData\Roaming\mozilla\Firefox\Profiles\oybokiiu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/15 23:47:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alexa\AppData\Roaming\mozilla\Firefox\Profiles\oybokiiu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/15 23:47:09 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Alexa\AppData\Roaming\mozilla\Firefox\Profiles\oybokiiu.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/01/28 02:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/11/12 17:28:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/28 02:48:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/03/08 15:13:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/08 15:13:17 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/08 15:13:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/08 15:13:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/08 15:13:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alexa\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.206.100.126 129.206.210.127
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/10 19:39:31 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/05/10 19:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/05/10 19:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/10 19:27:34 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Alexa\Desktop\Erunt-setup.exe
[2011/05/10 19:27:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
[2011/05/10 19:27:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alexa\Desktop\TFC.exe
[2011/05/09 20:35:06 | 000,000,000 | ---D | C] -- C:\Users\Alexa\Desktop\Vwl
[1 C:\Users\Alexa\Desktop\*.tmp files -> C:\Users\Alexa\Desktop\*.tmp -> ]
[1 C:\Users\Alexa\*.tmp files -> C:\Users\Alexa\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/10 19:42:01 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 19:42:01 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 19:38:09 | 000,000,894 | ---- | M] () -- C:\Users\Alexa\Desktop\NTREGOPT.lnk
[2011/05/10 19:38:09 | 000,000,875 | ---- | M] () -- C:\Users\Alexa\Desktop\ERUNT.lnk
[2011/05/10 19:34:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/10 19:33:53 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/10 19:28:05 | 000,302,080 | ---- | M] () -- C:\Users\Alexa\Desktop\g2m3e4r.exe
[2011/05/10 19:28:02 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Alexa\Desktop\Erunt-setup.exe
[2011/05/10 19:27:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\TFC.exe
[2011/05/10 19:27:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
[2011/05/10 18:15:44 | 000,010,472 | ---- | M] () -- C:\Users\Alexa\Desktop\stundenplan neu.pdf
[2011/05/09 20:37:19 | 000,071,159 | ---- | M] () -- C:\Users\Alexa\Desktop\ueb3final_neu_.pdf
[2011/04/29 23:24:57 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/04/29 23:24:57 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/29 23:24:57 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/04/29 23:24:57 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/15 08:48:22 | 000,403,712 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\Users\Alexa\Desktop\*.tmp files -> C:\Users\Alexa\Desktop\*.tmp -> ]
[1 C:\Users\Alexa\*.tmp files -> C:\Users\Alexa\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/05/10 19:38:09 | 000,000,894 | ---- | C] () -- C:\Users\Alexa\Desktop\NTREGOPT.lnk
[2011/05/10 19:38:09 | 000,000,875 | ---- | C] () -- C:\Users\Alexa\Desktop\ERUNT.lnk
[2011/05/10 19:27:35 | 000,302,080 | ---- | C] () -- C:\Users\Alexa\Desktop\g2m3e4r.exe
[2011/05/10 18:15:44 | 000,010,472 | ---- | C] () -- C:\Users\Alexa\Desktop\stundenplan neu.pdf
[2011/05/09 20:37:19 | 000,071,159 | ---- | C] () -- C:\Users\Alexa\Desktop\ueb3final_neu_.pdf
[2010/11/14 15:58:38 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010/11/12 16:51:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/12 16:22:48 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/07/27 09:03:20 | 010,829,656 | ---- | C] () -- C:\windows\System32\LogiDPP.dll
[2010/07/27 09:03:20 | 000,102,744 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe
[2010/07/27 09:03:18 | 000,290,648 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll
[2010/07/27 08:56:04 | 000,090,411 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2010/06/17 23:03:52 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/06/17 23:03:52 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/06/17 23:03:52 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/06/17 23:03:52 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/06/17 06:43:56 | 000,001,670 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/06/17 06:36:01 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys
[2010/03/23 14:26:48 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,403,712 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/06/09 10:55:58 | 000,057,904 | ---- | C] () -- C:\windows\System32\wbload.dll
 
========== LOP Check ==========
 
[2010/11/12 19:49:55 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\DAEMON Tools Lite
[2010/12/27 10:06:58 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/18 17:25:48 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Leadertech
[2011/04/17 10:55:00 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Spotify
[2011/02/03 22:35:27 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\TeamViewer
[2011/04/20 16:34:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/11/12 16:39:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/06/17 06:31:16 | 000,000,000 | ---D | M] -- C:\Intel
[2010/11/12 20:12:04 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/05/10 19:38:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/02/02 16:37:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/02/12 17:45:33 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/05/09 21:33:56 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2011/05/10 09:55:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/11/12 16:15:23 | 000,000,000 | R--D | M] -- C:\Users
[2011/05/10 19:39:31 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-10 07:56:11
 
<          >

< End of report >
--- --- ---


Extras.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 5/10/2011 7:44:10 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Alexa\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,013.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 56.12 Gb Free Space | 66.02% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 4.71 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
 
Computer Name: ALEXA-PC | User Name: Alexa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"JDownloader" = JDownloader
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"phase-6" = phase-6 2.1.1.3a
"Spotify" = Spotify
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/7/2011 4:06:23 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13619
 
Error - 5/7/2011 4:06:23 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13619
 
Error - 5/7/2011 6:02:49 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/7/2011 6:02:49 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1779
 
Error - 5/7/2011 6:02:49 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1779
 
Error - 5/7/2011 6:02:50 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/7/2011 6:02:50 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3151
 
Error - 5/7/2011 6:02:50 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3151
 
Error - 5/7/2011 6:02:52 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/7/2011 6:02:52 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4977
 
[ OSession Events ]
Error - 11/13/2010 4:49:22 PM | Computer Name = Alexa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1811
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 3/25/2011 7:47:21 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321
Description = Der Name "ALEXA-PC      :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 147.142.49.87  registriert werden. Der Computer mit IP-Adresse 129.206.15.208
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 3/25/2011 7:47:21 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321
Description = Der Name "ALEXA-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 147.142.49.87  registriert werden. Der Computer mit IP-Adresse 129.206.15.208
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 3/25/2011 7:48:16 AM | Computer Name = Alexa-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{FFEF1639-F18D-4A45-8CFA-1A45C90CFC61} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 3/25/2011 7:48:16 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321
Description = Der Name "ALEXA-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 147.142.13.122  registriert werden. Der Computer mit IP-Adresse 129.206.15.208
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 3/25/2011 7:48:16 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321
Description = Der Name "ALEXA-PC      :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 147.142.13.122  registriert werden. Der Computer mit IP-Adresse 129.206.15.208
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 3/25/2011 7:49:41 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321
Description = Der Name "ALEXA-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 147.142.13.122  registriert werden. Der Computer mit IP-Adresse 129.206.15.208
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 3/25/2011 10:47:28 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321
Description = Der Name "ALEXA-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 147.142.13.82  registriert werden. Der Computer mit IP-Adresse 129.206.15.144
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 3/25/2011 10:47:33 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321
Description = Der Name "ALEXA-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 147.142.13.82  registriert werden. Der Computer mit IP-Adresse 129.206.15.144
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 3/25/2011 5:37:50 PM | Computer Name = Alexa-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 3/26/2011 7:13:21 AM | Computer Name = Alexa-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
 
< End of report >
--- --- ---

cosinus 11.05.2011 14:16
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Alexa85 11.05.2011 14:42
Hallo Arne,

vielen Dank für deine Antwort! Habe nun mein netbook mit der von dir angegebenen Malware scannen lassen.


Viele Grüße,
Alexa

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6554

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.05.2011 15:33:13
mbam-log-2011-05-11 (15-33-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146467
Laufzeit: 7 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

cosinus 11.05.2011 14:50
Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Alexa85 11.05.2011 16:25
Hallo Arne,

habe die Aktualisierung und danach einen Vollscan durchgeführt.


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6555

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.05.2011 17:18:03
mbam-log-2011-05-11 (17-18-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 233476
Laufzeit: 44 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

cosinus 11.05.2011 20:35
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
PRC - [2010/10/22 17:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2010/10/22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
SRV - [2010/10/22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Program Files\pdfforge Toolbar
C:\Program Files\Common Files\Spigot
C:\Program Files\Application Updater
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Alexa85 11.05.2011 20:46
Habs gemacht:
Und was nun? :)


All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Process ApplicationUpdater.exe killed successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\4.1 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\Application Updater folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Alexa
->Temp folder emptied: 2496590 bytes
->Temporary Internet Files folder emptied: 33974 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33493575 bytes
->Flash cache emptied: 1742 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1440435 bytes
RecycleBin emptied: 10141 bytes

Total Files Cleaned = 36.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05112011_214119

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 11.05.2011 21:33
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Alexa85 11.05.2011 21:52
so, hat funktioniert mit TDSSKiller.. und nu? :)

2011/05/11 22:44:57.0115 2720 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/11 22:44:58.0456 2720 ================================================================================
2011/05/11 22:44:58.0456 2720 SystemInfo:
2011/05/11 22:44:58.0456 2720
2011/05/11 22:44:58.0456 2720 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/11 22:44:58.0456 2720 Product type: Workstation
2011/05/11 22:44:58.0457 2720 ComputerName: ALEXA-PC
2011/05/11 22:44:58.0457 2720 UserName: Alexa
2011/05/11 22:44:58.0457 2720 Windows directory: C:\windows
2011/05/11 22:44:58.0457 2720 System windows directory: C:\windows
2011/05/11 22:44:58.0458 2720 Processor architecture: Intel x86
2011/05/11 22:44:58.0458 2720 Number of processors: 2
2011/05/11 22:44:58.0458 2720 Page size: 0x1000
2011/05/11 22:44:58.0458 2720 Boot type: Normal boot
2011/05/11 22:44:58.0458 2720 ================================================================================
2011/05/11 22:44:59.0295 2720 Initialize success
2011/05/11 22:45:08.0793 5756 ================================================================================
2011/05/11 22:45:08.0793 5756 Scan started
2011/05/11 22:45:08.0793 5756 Mode: Manual;
2011/05/11 22:45:08.0793 5756 ================================================================================
2011/05/11 22:45:10.0462 5756 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/05/11 22:45:10.0546 5756 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/05/11 22:45:10.0679 5756 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/05/11 22:45:10.0779 5756 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/05/11 22:45:10.0909 5756 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/05/11 22:45:10.0994 5756 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/05/11 22:45:11.0172 5756 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/05/11 22:45:11.0233 5756 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/05/11 22:45:11.0357 5756 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/05/11 22:45:11.0517 5756 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/05/11 22:45:11.0578 5756 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/05/11 22:45:11.0728 5756 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/05/11 22:45:11.0791 5756 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/05/11 22:45:11.0894 5756 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/05/11 22:45:11.0965 5756 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
2011/05/11 22:45:12.0108 5756 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/05/11 22:45:12.0174 5756 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
2011/05/11 22:45:12.0377 5756 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/05/11 22:45:12.0588 5756 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/05/11 22:45:12.0643 5756 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/05/11 22:45:12.0785 5756 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/05/11 22:45:12.0939 5756 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/05/11 22:45:13.0042 5756 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\windows\system32\DRIVERS\avgntflt.sys
2011/05/11 22:45:13.0181 5756 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\windows\system32\DRIVERS\avipbb.sys
2011/05/11 22:45:13.0342 5756 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/05/11 22:45:13.0482 5756 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/05/11 22:45:13.0639 5756 BCM43XX (f4d388dc3ff004aee886762d5cec7783) C:\windows\system32\DRIVERS\bcmwl6.sys
2011/05/11 22:45:13.0828 5756 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/05/11 22:45:14.0010 5756 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/05/11 22:45:14.0191 5756 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/05/11 22:45:14.0349 5756 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/05/11 22:45:14.0414 5756 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/05/11 22:45:14.0542 5756 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/05/11 22:45:14.0622 5756 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/05/11 22:45:14.0782 5756 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/05/11 22:45:14.0949 5756 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/05/11 22:45:15.0048 5756 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/05/11 22:45:15.0150 5756 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/05/11 22:45:15.0321 5756 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/05/11 22:45:15.0522 5756 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/05/11 22:45:15.0721 5756 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/05/11 22:45:15.0901 5756 btwampfl (7061fe1715e5aded120fe4c608609357) C:\windows\system32\drivers\btwampfl.sys
2011/05/11 22:45:16.0038 5756 btwaudio (a95b2fb3ca7b555b5cb306153f48ced8) C:\windows\system32\drivers\btwaudio.sys
2011/05/11 22:45:16.0108 5756 btwavdt (1f9cd885f1c548be93962ccabdb632e4) C:\windows\system32\drivers\btwavdt.sys
2011/05/11 22:45:16.0248 5756 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/05/11 22:45:16.0306 5756 btwrchid (a2d6c7b7b62a6c42dcb01204a6bd6fc2) C:\windows\system32\DRIVERS\btwrchid.sys
2011/05/11 22:45:16.0440 5756 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/05/11 22:45:16.0520 5756 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/05/11 22:45:16.0643 5756 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/05/11 22:45:16.0728 5756 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/05/11 22:45:16.0896 5756 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/05/11 22:45:16.0952 5756 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/05/11 22:45:17.0014 5756 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/05/11 22:45:17.0148 5756 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/05/11 22:45:17.0295 5756 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/05/11 22:45:17.0378 5756 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/05/11 22:45:17.0536 5756 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\windows\system32\DRIVERS\CVirtA.sys
2011/05/11 22:45:17.0720 5756 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\windows\system32\Drivers\CVPNDRVA.sys
2011/05/11 22:45:17.0839 5756 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/05/11 22:45:17.0976 5756 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/05/11 22:45:18.0053 5756 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/05/11 22:45:18.0179 5756 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\windows\system32\DRIVERS\dne2000.sys
2011/05/11 22:45:18.0309 5756 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/05/11 22:45:18.0441 5756 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/05/11 22:45:18.0687 5756 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/05/11 22:45:18.0953 5756 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/05/11 22:45:19.0078 5756 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/05/11 22:45:19.0189 5756 ETD (df4f000cfc05dec947d928a8f3adcd7a) C:\windows\system32\DRIVERS\ETD.sys
2011/05/11 22:45:19.0339 5756 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/05/11 22:45:19.0410 5756 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/05/11 22:45:19.0563 5756 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/05/11 22:45:19.0647 5756 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/05/11 22:45:19.0693 5756 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/05/11 22:45:19.0821 5756 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/05/11 22:45:19.0889 5756 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/05/11 22:45:20.0046 5756 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/05/11 22:45:20.0111 5756 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
2011/05/11 22:45:20.0238 5756 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/05/11 22:45:20.0401 5756 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/05/11 22:45:20.0536 5756 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/05/11 22:45:20.0621 5756 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/11 22:45:20.0780 5756 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/05/11 22:45:20.0861 5756 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/05/11 22:45:20.0996 5756 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/05/11 22:45:21.0058 5756 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/05/11 22:45:21.0098 5756 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/05/11 22:45:21.0152 5756 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/05/11 22:45:21.0319 5756 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/05/11 22:45:21.0444 5756 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/05/11 22:45:21.0605 5756 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/05/11 22:45:21.0727 5756 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/05/11 22:45:21.0791 5756 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/05/11 22:45:21.0949 5756 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/05/11 22:45:22.0036 5756 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
2011/05/11 22:45:22.0324 5756 igfx (99469637d568076ea5664daa8463c2e3) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/05/11 22:45:22.0643 5756 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/05/11 22:45:22.0844 5756 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\windows\system32\drivers\RTKVHDA.sys
2011/05/11 22:45:23.0059 5756 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/05/11 22:45:23.0121 5756 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/05/11 22:45:23.0270 5756 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/05/11 22:45:23.0334 5756 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/05/11 22:45:23.0385 5756 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/05/11 22:45:23.0557 5756 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/05/11 22:45:23.0607 5756 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/05/11 22:45:23.0658 5756 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/05/11 22:45:23.0802 5756 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/05/11 22:45:23.0866 5756 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/05/11 22:45:24.0005 5756 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/05/11 22:45:24.0080 5756 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/05/11 22:45:24.0297 5756 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/05/11 22:45:24.0436 5756 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/05/11 22:45:24.0575 5756 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/05/11 22:45:24.0646 5756 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/05/11 22:45:24.0764 5756 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/05/11 22:45:24.0834 5756 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/05/11 22:45:24.0979 5756 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\windows\system32\DRIVERS\LVPr2Mon.sys
2011/05/11 22:45:25.0070 5756 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\windows\system32\DRIVERS\lvrs.sys
2011/05/11 22:45:25.0401 5756 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\windows\system32\DRIVERS\lvuvc.sys
2011/05/11 22:45:25.0777 5756 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/05/11 22:45:25.0875 5756 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/05/11 22:45:26.0017 5756 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/05/11 22:45:26.0097 5756 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/05/11 22:45:26.0219 5756 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/05/11 22:45:26.0375 5756 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/05/11 22:45:26.0442 5756 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/05/11 22:45:26.0574 5756 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/05/11 22:45:26.0644 5756 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/05/11 22:45:26.0708 5756 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/05/11 22:45:26.0852 5756 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/05/11 22:45:27.0066 5756 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/05/11 22:45:27.0690 5756 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/05/11 22:45:28.0386 5756 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/05/11 22:45:28.0603 5756 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/05/11 22:45:29.0049 5756 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/05/11 22:45:29.0607 5756 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/05/11 22:45:29.0817 5756 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/05/11 22:45:30.0113 5756 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/05/11 22:45:30.0485 5756 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/05/11 22:45:30.0929 5756 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/05/11 22:45:32.0130 5756 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/05/11 22:45:32.0497 5756 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/05/11 22:45:32.0740 5756 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/05/11 22:45:32.0940 5756 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/05/11 22:45:33.0206 5756 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/05/11 22:45:33.0459 5756 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/05/11 22:45:33.0549 5756 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/05/11 22:45:33.0716 5756 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/05/11 22:45:33.0842 5756 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/05/11 22:45:34.0212 5756 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/05/11 22:45:34.0289 5756 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/05/11 22:45:34.0480 5756 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/05/11 22:45:34.0662 5756 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/05/11 22:45:34.0751 5756 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/05/11 22:45:35.0077 5756 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/05/11 22:45:35.0269 5756 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/05/11 22:45:35.0455 5756 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/05/11 22:45:35.0822 5756 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
2011/05/11 22:45:36.0029 5756 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/05/11 22:45:36.0215 5756 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
2011/05/11 22:45:36.0350 5756 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
2011/05/11 22:45:36.0510 5756 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/05/11 22:45:36.0617 5756 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/05/11 22:45:36.0957 5756 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/05/11 22:45:37.0152 5756 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/05/11 22:45:37.0296 5756 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/05/11 22:45:37.0396 5756 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/05/11 22:45:37.0521 5756 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/05/11 22:45:37.0608 5756 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/05/11 22:45:37.0852 5756 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/05/11 22:45:38.0023 5756 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/05/11 22:45:38.0586 5756 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/05/11 22:45:38.0810 5756 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/05/11 22:45:39.0026 5756 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/05/11 22:45:39.0138 5756 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/05/11 22:45:39.0352 5756 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/05/11 22:45:39.0445 5756 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/05/11 22:45:39.0591 5756 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/05/11 22:45:39.0677 5756 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/05/11 22:45:39.0866 5756 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/05/11 22:45:40.0047 5756 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/05/11 22:45:40.0220 5756 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/05/11 22:45:40.0296 5756 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/05/11 22:45:40.0483 5756 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/05/11 22:45:40.0666 5756 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/05/11 22:45:40.0927 5756 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/05/11 22:45:41.0082 5756 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/05/11 22:45:41.0243 5756 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/05/11 22:45:41.0427 5756 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/05/11 22:45:41.0598 5756 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/05/11 22:45:41.0782 5756 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/05/11 22:45:41.0841 5756 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/05/11 22:45:41.0967 5756 rtport (41ce6b172542a9a227e34a45881e1d2a) C:\windows\system32\drivers\rtport.sys
2011/05/11 22:45:42.0060 5756 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
2011/05/11 22:45:42.0229 5756 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/05/11 22:45:42.0295 5756 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/05/11 22:45:42.0481 5756 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/05/11 22:45:42.0670 5756 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/05/11 22:45:42.0718 5756 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/05/11 22:45:42.0772 5756 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/05/11 22:45:42.0885 5756 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/05/11 22:45:42.0935 5756 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/05/11 22:45:42.0987 5756 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/05/11 22:45:43.0039 5756 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/05/11 22:45:43.0220 5756 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/05/11 22:45:43.0288 5756 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/05/11 22:45:43.0408 5756 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/05/11 22:45:43.0469 5756 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/05/11 22:45:43.0635 5756 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/05/11 22:45:43.0770 5756 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2011/05/11 22:45:43.0770 5756 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/11 22:45:43.0787 5756 sptd - detected LockedFile.Multi.Generic (1)
2011/05/11 22:45:43.0932 5756 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/05/11 22:45:44.0000 5756 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys
2011/05/11 22:45:44.0050 5756 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys
2011/05/11 22:45:44.0211 5756 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
2011/05/11 22:45:44.0309 5756 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/05/11 22:45:44.0471 5756 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/05/11 22:45:44.0737 5756 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/05/11 22:45:44.0924 5756 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/05/11 22:45:45.0055 5756 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/05/11 22:45:45.0148 5756 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/05/11 22:45:45.0206 5756 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/05/11 22:45:45.0306 5756 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/05/11 22:45:45.0432 5756 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/05/11 22:45:45.0608 5756 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/05/11 22:45:45.0741 5756 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/05/11 22:45:45.0800 5756 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/05/11 22:45:45.0862 5756 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
2011/05/11 22:45:46.0031 5756 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/05/11 22:45:46.0096 5756 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/05/11 22:45:46.0210 5756 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/05/11 22:45:46.0310 5756 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\windows\system32\drivers\usbaudio.sys
2011/05/11 22:45:46.0433 5756 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/05/11 22:45:46.0505 5756 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/05/11 22:45:46.0639 5756 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\windows\system32\DRIVERS\usbehci.sys
2011/05/11 22:45:46.0702 5756 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\windows\system32\DRIVERS\usbhub.sys
2011/05/11 22:45:46.0836 5756 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/05/11 22:45:46.0900 5756 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/05/11 22:45:47.0048 5756 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\drivers\USBSTOR.SYS
2011/05/11 22:45:47.0111 5756 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/05/11 22:45:47.0242 5756 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/05/11 22:45:47.0442 5756 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/05/11 22:45:47.0555 5756 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/05/11 22:45:47.0652 5756 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/05/11 22:45:47.0794 5756 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/05/11 22:45:47.0848 5756 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/05/11 22:45:47.0900 5756 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/05/11 22:45:48.0018 5756 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/05/11 22:45:48.0078 5756 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/05/11 22:45:48.0137 5756 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/05/11 22:45:48.0250 5756 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/05/11 22:45:48.0330 5756 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/05/11 22:45:48.0504 5756 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/05/11 22:45:48.0592 5756 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/05/11 22:45:48.0768 5756 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/05/11 22:45:48.0864 5756 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/05/11 22:45:48.0940 5756 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/05/11 22:45:49.0191 5756 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/05/11 22:45:49.0327 5756 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/05/11 22:45:49.0620 5756 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/05/11 22:45:49.0709 5756 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/05/11 22:45:50.0222 5756 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/05/11 22:45:50.0667 5756 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/05/11 22:45:50.0995 5756 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/05/11 22:45:51.0251 5756 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/05/11 22:45:51.0592 5756 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
2011/05/11 22:45:52.0116 5756 ================================================================================
2011/05/11 22:45:52.0116 5756 Scan finished
2011/05/11 22:45:52.0116 5756 ================================================================================
2011/05/11 22:45:52.0168 4660 Detected object count: 1
2011/05/11 22:46:34.0406 4660 LockedFile.Multi.Generic(sptd) - User select action: Skip

cosinus 11.05.2011 22:04
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Alexa85 11.05.2011 23:01
So, beides erledigt.. und jetzt?

Combofix Logfile:
Code:
ComboFix 11-05-11.01 - Alexa 11.05.2011  23:17:18.1.2 - x86
Microsoft Windows 7 Starter  6.1.7600.0.1252.49.1031.18.1013.251 [GMT 2:00]
ausgeführt von:: c:\users\Alexa\Desktop\cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-11 bis 2011-05-11  ))))))))))))))))))))))))))))))
.
.
2011-05-11 21:33 . 2011-05-11 21:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-11 19:41 . 2011-05-11 19:41        --------        d-----w-        C:\_OTL
2011-05-11 13:23 . 2011-05-11 13:23        --------        d-----w-        c:\users\Alexa\AppData\Roaming\Malwarebytes
2011-05-11 13:23 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 13:23 . 2011-05-11 13:23        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-11 13:23 . 2011-05-11 13:23        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-11 13:23 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-10 17:38 . 2011-05-10 17:38        --------        d-----w-        c:\program files\ERUNT
2011-05-10 07:55 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{75338500-C4AD-43EE-9E4C-D664F6AA5D8D}\mpengine.dll
2011-05-10 03:54 . 2011-05-10 03:54        --------        d-----w-        c:\windows\system32\wbem\it-IT
2011-05-10 03:54 . 2011-05-10 03:54        --------        d-----w-        c:\windows\system32\wbem\fr-FR
2011-05-10 03:54 . 2011-05-10 03:54        --------        d-----w-        c:\windows\system32\wbem\en-US
2011-04-27 09:33 . 2011-02-18 05:33        31232        ----a-w-        c:\windows\system32\prevhost.exe
2011-04-27 09:33 . 2011-03-11 05:44        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-04-27 09:33 . 2011-03-11 05:44        1210240        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-04-27 09:33 . 2011-03-11 05:44        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-04-27 09:33 . 2011-03-11 05:44        146304        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-04-27 09:33 . 2011-03-11 05:43        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-04-27 09:33 . 2011-03-11 05:39        1686016        ----a-w-        c:\windows\system32\esent.dll
2011-04-27 09:33 . 2011-03-11 05:43        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-04-27 09:33 . 2011-03-11 05:43        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-04-27 09:33 . 2011-03-11 05:37        74240        ----a-w-        c:\windows\system32\fsutil.exe
2011-04-27 09:33 . 2011-03-12 11:31        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-27 09:32 . 2011-02-26 05:33        2614784        ----a-w-        c:\windows\explorer.exe
2011-04-14 10:09 . 2011-02-23 05:06        311296        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-04-14 10:09 . 2011-02-23 05:05        309760        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-04-14 10:09 . 2011-02-23 05:05        113664        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-04-14 10:06 . 2011-03-11 05:40        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-14 10:06 . 2011-03-11 05:40        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-14 10:06 . 2011-02-23 05:05        221696        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 10:06 . 2011-02-23 05:05        95744        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 10:06 . 2011-02-23 05:05        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 10:06 . 2011-02-23 05:05        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 07:23 . 2010-11-13 12:41        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 07:53        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 07:53        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 07:53        739840        ----a-w-        c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-03-25 1891720]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-06 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-7 828704]
phase-6 Reminder.lnk - c:\program files\phase-6\phase-6\reminder\reminder.exe [2009-7-13 1032192]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-3-2 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 286248]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-12 691696]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 109056]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\Alexa\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\oybokiiu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2171886030-2800087900-901861080-1000\Software\SecuROM\License information*]
"datasecu"=hex:ed,43,4c,eb,e3,d4,2d,70,b9,66,45,1b,45,37,01,cb,dc,af,a5,27,6b,
  5f,a5,38,0d,0a,a3,df,99,9a,9e,0d,df,89,68,96,3b,34,2e,63,37,a1,0f,cf,04,8e,\
"rkeysecu"=hex:ef,ab,bc,6b,aa,3e,fb,06,12,94,8a,e5,11,03,38,2a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-11  23:38:00
ComboFix-quarantined-files.txt  2011-05-11 21:37
.
Vor Suchlauf: 7 Verzeichnis(se), 61.042.278.400 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 60.948.635.648 Bytes frei
.
- - End Of File - - AB6855F5832302A9E06BE41357981642
--- --- ---

cosinus 12.05.2011 09:02
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Alexa85 12.05.2011 16:10
Hallo Arne,

hier die Texte:

GMER:GMER Logfile:
Code:
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-12 16:52:33
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.PB2O
Running: 3wsqdvp8.exe; Driver: C:\Users\Alexa\AppData\Local\Temp\uglorpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                    81C53569 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              81C78092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\Drivers\sple.sys                                                                                          Das System kann den angegebenen Pfad nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                              93D4FD18 5 Bytes  JMP 857211D8
.text          ayo3w2ex.SYS                                                                                                        86BAF000 12 Bytes  [44, 58, 02, 82, EE, 56, 02, ...]
.text          ayo3w2ex.SYS                                                                                                        86BAF00D 9 Bytes  [37, 02, 82, 48, 5B, 02, 82, ...] {AAA ; ADD AL, [EDX-0x7dfda4b8]; ADD [EAX], AL}
.text          ayo3w2ex.SYS                                                                                                        86BAF017 41 Bytes  [00, DE, A7, 51, 86, E6, A5, ...]
.text          ayo3w2ex.SYS                                                                                                        86BAF041 128 Bytes  [86, C7, 81, 60, 85, C7, 81, ...]
.text          ayo3w2ex.SYS                                                                                                        86BAF0C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                               

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8641E042] \SystemRoot\System32\Drivers\sple.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                          [8641E6D6] \SystemRoot\System32\Drivers\sple.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8641E800] \SystemRoot\System32\Drivers\sple.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                    [8641E13E] \SystemRoot\System32\Drivers\sple.sys
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortNotification]                                          00147880
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortQuerySystemTime]                                      78800C75
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortReadPortUchar]                                        06750015
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortStallExecution]                                        C25DC033
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortWritePortUchar]                                        458B0008
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortWritePortUlong]                                        6A006A08
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    50056A24
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                        005AB7E8
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  0001B800
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetParentBusType]                                      C25D0000
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortRequestCallback]                                      CCCC0008
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                CCCCCCCC
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  CCCCCCCC
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortCompleteRequest]                                      CCCCCCCC
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortCopyMemory]                                            53EC8B55
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortEtwTraceLog]                                          800C5D8B
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                            7500117B
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                127B806A
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  80647500
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  7500137B
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortInitialize]                                            157B805E
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetDeviceBase]                                        56587500
IAT            \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortDeviceStateChange]                                    8008758B

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              848011F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{27B6653C-BECA-4859-8E16-283C3165DBFD}                                            855EF1F8
Device          \Driver\sptd \Device\141655478                                                                                      sple.sys
Device          \Driver\volmgr \Device\VolMgrControl                                                                                83B3E1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    856D9500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{F20B5CFA-2C92-4703-A956-3C98B001D0F6}                                            855EF1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    856D9500
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    856D9500
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    856D9500
Device          \Driver\usbehci \Device\USBPDO-4                                                                                    856E3500
Device          \Driver\PCI_PNP1476 \Device\00000061                                                                                sple.sys
Device          \Driver\ACPI_HAL \Device\00000056                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              83B3E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              83B3E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        85CA9500
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              83B3E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [866AF360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                      [866AF360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              83B3E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                            855EF1F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    856D9500
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    856D9500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    856D9500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    856D9500
Device          \Driver\usbehci \Device\USBFDO-4                                                                                    856E3500
Device          \Driver\ayo3w2ex \Device\Scsi\ayo3w2ex1                                                                            856B3500
Device          \Driver\ayo3w2ex \Device\Scsi\ayo3w2ex1Port1Path0Target0Lun0                                                        856B3500

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb16030e1                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313acdf82                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x43 0x91 0xFE 0x72 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xA0 0xCC 0x9C 0x6C ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xC7 0xA0 0x20 0x6C ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x60 0x26 0x40 0x79 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb16030e1 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313acdf82 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x43 0x91 0xFE 0x72 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xA0 0xCC 0x9C 0x6C ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC7 0xA0 0x20 0x6C ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x60 0x26 0x40 0x79 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                              MBR read error
Disk            \Device\Harddisk0\DR0                                                                                              MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----
--- --- ---

OSAM:OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 17:04:58 on 12.05.2011

OS: Windows 7 Starter Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aq27qsre" (aq27qsre) - "Microsoft Corporation" - C:\windows\system32\drivers\aq27qsre.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Alexa\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"rtport" (rtport) - "Windows (R) 2003 DDK 3790 provider" - C:\windows\system32\drivers\rtport.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"phase-6 Reminder.lnk" - "phase-6" - C:\Program Files\phase-6\phase-6\reminder\reminder.exe  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Vid\Vid.exe" -bootmode
"Logitech Vid HD" - "Logitech Inc." - "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
"Stardock WindowBlinds" (WindowBlinds) - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\VistaSrv.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

und MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Starter Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: N150P/N210P/N220P
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 189):
0x81C56000 \SystemRoot\system32\ntkrnlpa.exe
0x81C1F000 \SystemRoot\system32\halmacpi.dll
0x81B23000 \SystemRoot\system32\kdcom.dll
0x82217000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8228F000 \SystemRoot\system32\PSHED.dll
0x822A0000 \SystemRoot\system32\BOOTVID.dll
0x822A8000 \SystemRoot\system32\CLFS.SYS
0x822EA000 \SystemRoot\system32\CI.dll
0x8640B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8647C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8648A000 \SystemRoot\System32\Drivers\splo.sys
0x8657D000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x86586000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x865AC000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x865F4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x86400000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x82395000 \SystemRoot\system32\DRIVERS\pci.sys
0x823BF000 \SystemRoot\System32\drivers\partmgr.sys
0x823D0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x823D8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x823E3000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8662A000 \SystemRoot\System32\drivers\volmgrx.sys
0x86675000 \SystemRoot\System32\drivers\mountmgr.sys
0x8668B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x86765000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8676E000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x86791000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8679B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x867A9000 \SystemRoot\system32\drivers\amdxata.sys
0x867B2000 \SystemRoot\system32\drivers\fltmgr.sys
0x867E6000 \SystemRoot\system32\drivers\fileinfo.sys
0x86817000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86946000 \SystemRoot\System32\Drivers\msrpc.sys
0x86971000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86984000 \SystemRoot\System32\Drivers\cng.sys
0x869E1000 \SystemRoot\System32\drivers\pcw.sys
0x869EF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x86A0C000 \SystemRoot\system32\drivers\ndis.sys
0x86AC3000 \SystemRoot\system32\drivers\NETIO.SYS
0x86B01000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x86C3E000 \SystemRoot\System32\drivers\tcpip.sys
0x86D87000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x86DB8000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x86DF7000 \SystemRoot\System32\Drivers\spldr.sys
0x86C00000 \SystemRoot\System32\drivers\rdyboost.sys
0x86C2D000 \SystemRoot\System32\Drivers\mup.sys
0x86B26000 \SystemRoot\System32\drivers\hwpolicy.sys
0x86B2E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x86B60000 \SystemRoot\system32\DRIVERS\disk.sys
0x86B71000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x89F23000 \SystemRoot\System32\Drivers\Null.SYS
0x89F2A000 \SystemRoot\System32\Drivers\Beep.SYS
0x89F31000 \SystemRoot\System32\drivers\vga.sys
0x89F3D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x89F5E000 \SystemRoot\System32\drivers\watchdog.sys
0x89F6B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x89F73000 \SystemRoot\system32\drivers\rdpencdd.sys
0x89F7B000 \SystemRoot\system32\drivers\rdprefmp.sys
0x89F83000 \SystemRoot\System32\Drivers\Msfs.SYS
0x89F8E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x89F9C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89FB3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x86BA3000 \SystemRoot\system32\drivers\afd.sys
0x89FBE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89FF0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x89F04000 \SystemRoot\system32\DRIVERS\pacer.sys
0x89E00000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x86800000 \SystemRoot\system32\DRIVERS\netbios.sys
0x86600000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x86613000 \SystemRoot\system32\DRIVERS\termdd.sys
0x89E11000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x89FF7000 \??\C:\windows\system32\Drivers\SABI.sys
0x8AA2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8AA70000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8AA7A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AA84000 \SystemRoot\System32\drivers\discache.sys
0x8AA90000 \SystemRoot\System32\Drivers\dfsc.sys
0x8AAA8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8AAB6000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8AADC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AAFD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B03B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8B543000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8AB0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91832000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x91ACB000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x91AD5000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x91B26000 \SystemRoot\system32\drivers\usbuhci.sys
0x91B31000 \SystemRoot\system32\drivers\USBPORT.SYS
0x91B7C000 \SystemRoot\system32\drivers\usbehci.sys
0x91B8B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91B8F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91BA7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91BB4000 \SystemRoot\system32\DRIVERS\ETD.sys
0x91BD3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AB2E000 \SystemRoot\System32\Drivers\aq27qsre.SYS
0x91BE0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91800000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x9181F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8AB67000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91BED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AB7F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8ABA1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8ABB9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8ABD0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91BF8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CE28000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CE5C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CE6A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CEAE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DA1B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8DD07000 \SystemRoot\system32\drivers\portcls.sys
0x8DD36000 \SystemRoot\system32\drivers\drmk.sys
0x8DD4F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DD6E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8DD74000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CEBF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8DD81000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x80E10000 \SystemRoot\System32\win32k.sys
0x8DD92000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DD9C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8DDB3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8DDB5000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8DDD9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81070000 \SystemRoot\System32\TSDDD.dll
0x810A0000 \SystemRoot\System32\cdd.dll
0x8DDE4000 \SystemRoot\system32\drivers\luafv.sys
0x8DA00000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8CF99000 \SystemRoot\system32\drivers\WudfPf.sys
0x8CFB3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x89E17000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8CFC3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8CFD3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x89E5D000 \SystemRoot\system32\drivers\HTTP.sys
0x8CFE6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8CE00000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA7829000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA7864000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA7897000 \??\C:\windows\system32\Drivers\CVPNDRVA.sys
0xA7927000 \SystemRoot\system32\drivers\peauth.sys
0xA79BE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA79C8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA79E9000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA9805000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9854000 \SystemRoot\System32\DRIVERS\srv.sys
0xA98A6000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA98AB000 \SystemRoot\system32\DRIVERS\CVirtA.sys
0x77B80000 \Windows\System32\ntdll.dll
0x48300000 \Windows\System32\smss.exe
0x77DC0000 \Windows\System32\apisetschema.dll
0x00340000 \Windows\System32\autochk.exe
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x77CE0000 \Windows\System32\msctf.dll
0x76F30000 \Windows\System32\shell32.dll
0x76ED0000 \Windows\System32\shlwapi.dll
0x76DD0000 \Windows\System32\wininet.dll
0x76D00000 \Windows\System32\user32.dll
0x76C70000 \Windows\System32\oleaut32.dll
0x76BF0000 \Windows\System32\comdlg32.dll
0x77CD0000 \Windows\System32\nsi.dll
0x76BD0000 \Windows\System32\sechost.dll
0x76B20000 \Windows\System32\rpcrt4.dll
0x76920000 \Windows\System32\iertutil.dll
0x77CC0000 \Windows\System32\lpk.dll
0x76900000 \Windows\System32\imm32.dll
0x768B0000 \Windows\System32\Wldap32.dll
0x767D0000 \Windows\System32\kernel32.dll
0x76720000 \Windows\System32\msvcrt.dll
0x76710000 \Windows\System32\psapi.dll
0x76700000 \Windows\System32\normaliz.dll
0x76560000 \Windows\System32\setupapi.dll
0x76420000 \Windows\System32\urlmon.dll
0x762C0000 \Windows\System32\ole32.dll
0x76260000 \Windows\System32\difxapi.dll
0x761C0000 \Windows\System32\advapi32.dll
0x76120000 \Windows\System32\usp10.dll
0x760F0000 \Windows\System32\imagehlp.dll
0x760B0000 \Windows\System32\ws2_32.dll
0x76060000 \Windows\System32\gdi32.dll
0x75FD0000 \Windows\System32\clbcatq.dll
0x75EB0000 \Windows\System32\crypt32.dll
0x75E60000 \Windows\System32\KernelBase.dll
0x75E30000 \Windows\System32\wintrust.dll
0x75E00000 \Windows\System32\cfgmgr32.dll
0x75D70000 \Windows\System32\comctl32.dll
0x75D50000 \Windows\System32\devobj.dll
0x75D40000 \Windows\System32\msasn1.dll

Processes (total 81):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
444 csrss.exe
500 C:\Windows\System32\wininit.exe
508 csrss.exe
564 C:\Windows\System32\winlogon.exe
604 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\audiodg.exe
1124 C:\Windows\System32\svchost.exe
1184 C:\Program Files\Stardock\MyColors\VistaSrv.exe
1200 C:\Program Files\Stardock\MyColors\WBVista.exe
1304 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\dwm.exe
1476 C:\Windows\System32\wlanext.exe
1484 C:\Windows\System32\conhost.exe
1500 C:\Windows\explorer.exe
1580 C:\Windows\System32\spoolsv.exe
1628 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1676 C:\Windows\System32\svchost.exe
1684 C:\Windows\System32\taskhost.exe
1860 C:\Windows\System32\hkcmd.exe
1916 C:\Windows\System32\igfxpers.exe
1932 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
1948 C:\Windows\System32\igfxsrvc.exe
1960 C:\Program Files\Elantech\ETDCtrl.exe
2040 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
332 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
664 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
828 C:\Windows\System32\taskeng.exe
1164 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
1416 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
1792 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
1380 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
1272 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
376 C:\Program Files\Samsung\SFB\SmartRestarter.exe
2112 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2148 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2224 C:\Program Files\Bonjour\mDNSResponder.exe
2260 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2276 C:\Program Files\iTunes\iTunesHelper.exe
2312 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
2368 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2376 C:\Windows\System32\conhost.exe
2400 C:\Windows\System32\svchost.exe
2412 C:\Program Files\Winamp\winampa.exe
2456 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
2516 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2548 C:\Windows\System32\svchost.exe
2612 C:\Program Files\DAEMON Tools Lite\DTLite.exe
2620 C:\Program Files\Logitech\Vid\Vid.exe
2644 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2724 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3268 C:\Windows\System32\igfxext.exe
3304 C:\Windows\System32\igfxsrvc.exe
3588 C:\Windows\System32\SearchIndexer.exe
3892 C:\Program Files\iPod\bin\iPodService.exe
112 C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
2580 C:\Program Files\Elantech\ETDCtrlHelper.exe
2428 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
4060 C:\Program Files\Mozilla Firefox\firefox.exe
1296 C:\Program Files\Mozilla Firefox\plugin-container.exe
3732 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
360 C:\Windows\System32\svchost.exe
4300 C:\Windows\System32\wuauclt.exe
4676 C:\Windows\System32\svchost.exe
4056 C:\Windows\System32\SearchProtocolHost.exe
1384 C:\Windows\System32\SearchFilterHost.exe
2868 C:\Windows\System32\rundll32.exe
3844 MpCmdRun.exe
916 dllhost.exe
4988 dllhost.exe
4480 C:\Users\Alexa\Downloads\MBRCheck.exe
5116 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000005`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`46600000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OC66G

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Alexa85 12.05.2011 16:11
Ich habe die Befürchtung, dass MBRCheck irgendwie nicht funktioniert hat..

cosinus 12.05.2011 18:16
Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Win7 (32-Bit) installiert?
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Win7-Installations-DVD (32-Bit) hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der dieser DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:10 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131