xpack.gen3 versteck Dateien/Festplatte beschädigt

brote · 12.06.2011, 22:39

Hallo,
ich habe mir besagten Trojaner eingefangen.
Avira konnte ihn nicht beseitigen.
Habe danach mit Malwarebytes einen Kurzscan durchgeführt und gefundene Dateien entfernen lassen.
Warnmeldungen seitdem verschwunden, Dateien jedoch immernoch versteckt.
Logfile von Malwarebytes:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6842

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.06.2011 23:31:19
mbam-log-2011-06-12 (23-31-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 179449
Laufzeit: 8 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\programdata\vmbaxaopywyflj.exe (Trojan.FakeAlert) -> 3776 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VmBaxAOpYwYFlj (Trojan.FakeAlert) -> Value: VmBaxAOpYwYFlj -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Value: Userinit -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vmbaxaopywyflj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Benjamin\AppData\Roaming\acroiehelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\Users\Benjamin\AppData\Local\temp\tmpBED8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:41 on 12/06/2011 (Benjamin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

AEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.06.2011 23:49:28 - Run 2
OTL by OldTimer - Version 3.2.24.0     Folder = C:\Users\Benjamin\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,06% Memory free
4,00 Gb Paging File | 3,12 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,99 Gb Total Space | 0,86 Gb Free Space | 3,44% Space Free | Partition Type: NTFS
Drive D: | 273,09 Gb Total Space | 69,19 Gb Free Space | 25,34% Space Free | Partition Type: NTFS
Drive F: | 2,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BENJAMIN-NB | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benjamin\Desktop\OTL(1).exe (OldTimer Tools)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Benjamin\Desktop\OTL(1).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WTGService) -- D:\Program Files\Verbindungsassistent\WTGService.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NovacomD) -- C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (TTCinergyT2) TerraTec Cinergy T² (BDA) -- C:\Windows\System32\drivers\TTCinergyT2BDA.sys (TerraTec Electronic GmbH)
DRV - (PID_0920) Logitech QuickCam Express(PID_0920) -- C:\Windows\System32\drivers\LV532AV.SYS ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 43 0A E2 4F 12 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {b9615918-d3de-44a4-ab65-76df7ea1f1c1}:0.3.13
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.05.02 19:37:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.03 15:52:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.05.14 17:59:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2011.01.29 18:28:33 | 000,000,000 | ---D | M]
 
[2010.01.22 17:44:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions
[2010.01.22 17:44:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.07 20:28:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions
[2011.05.26 21:24:02 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.07.27 21:08:04 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.04.14 14:35:15 | 000,000,000 | -H-D | M] (Разпознаване на устройство Logitech) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\DeviceDetection@logitech.com
[2011.05.03 21:57:59 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\foxyproxy@eric.h.jung
[2010.05.30 18:29:00 | 000,001,819 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\searchplugins\bing.xml
[2011.04.08 18:28:05 | 000,002,059 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\searchplugins\daemon-search.xml
File not found (No name found) -- 
[2011.05.25 19:32:36 | 000,000,000 | -H-D | M] (Java String Helper) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\5015
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{B9615918-D3DE-44A4-AB65-76DF7EA1F1C1}.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2010.02.04 01:36:43 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010.01.22 18:44:51 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011.04.22 13:23:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Camfrog] D:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Read with DeskBot - D:\Program Files\BellCraft.com\DeskBot\DeskBot.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\AutorunsDisabled\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.08 04:11:16 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Benjamin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: avgnt - hkey= - key= - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: Camfrog - hkey= - key= - D:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogitechGalleryRepair - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechImageStudioTray - hkey= - key= -  File not found
MsConfig - StartUpReg: LVCOMS - hkey= - key= - C:\Programme\Common Files\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: QCDriverInstaller - hkey= - key= - C:\Programme\Common Files\Logitech\QCDriver3\Lqdsw.exe (Logitech Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Remote Control Editor - hkey= - key= - C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: ScreenManager Pro for LCD - hkey= - key= - D:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig - State: "startup" - 2
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.12 23:46:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL(1).exe
[2011.06.12 15:46:48 | 000,000,000 | ---D | C] -- C:\Programme\Creative Labs
[2011.06.12 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
[2011.06.08 23:34:24 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.0
[2011.06.08 10:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TZ-Vokabeltrainer
[2011.06.08 08:51:00 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\Desktop\Bilder
[2011.06.08 07:53:07 | 000,000,000 | --SD | C] -- C:\cofi.exe
[2011.06.07 22:03:54 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.05.28 19:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.28 19:23:36 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2011.05.28 19:23:30 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Local\Google
[2011.05.26 23:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.05.26 23:27:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.05.26 23:24:02 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.05.26 22:19:20 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Local\PokerStars.NET
[2011.05.26 22:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2011.05.26 17:15:52 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\MyPhoneExplorer
[2011.05.26 17:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2011.05.25 19:32:36 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\5015
[2011.05.25 19:32:20 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\xmldm
[2011.05.25 19:32:14 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\kock
[1 C:\Users\Benjamin\AppData\Roaming\*.tmp files -> C:\Users\Benjamin\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.12 23:46:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL(1).exe
[2011.06.12 23:44:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.12 23:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.12 23:43:36 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.12 23:42:53 | 000,014,112 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 23:42:53 | 000,014,112 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 23:41:18 | 000,050,477 | ---- | M] () -- C:\Users\Benjamin\Desktop\Defogger.exe
[2011.06.12 22:33:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.12 16:34:57 | 000,091,965 | -H-- | M] () -- C:\Users\Public\Documents\fragen.pdf
[2011.06.08 23:34:24 | 000,001,002 | -H-- | M] () -- C:\Users\Benjamin\Desktop\Camfrog Video Chat 6.0.lnk
[2011.06.08 11:22:37 | 002,798,414 | -H-- | M] () -- C:\Users\Benjamin\Desktop\schrank.jpg
[2011.06.08 08:27:58 | 000,656,484 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.08 08:27:58 | 000,616,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.08 08:27:58 | 000,130,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.08 08:27:58 | 000,107,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.08 07:45:10 | 000,000,039 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.06.07 22:03:52 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.05.30 17:29:56 | 000,144,459 | -H-- | M] () -- C:\Users\Public\Documents\1306769195094133421398.pdf
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.26 17:30:51 | 000,000,029 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\urhtps.dat
[1 C:\Users\Benjamin\AppData\Roaming\*.tmp files -> C:\Users\Benjamin\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.12 23:41:17 | 000,050,477 | ---- | C] () -- C:\Users\Benjamin\Desktop\Defogger.exe
[2011.06.12 16:34:57 | 000,091,965 | -H-- | C] () -- C:\Users\Public\Documents\fragen.pdf
[2011.06.08 23:34:24 | 000,001,002 | -H-- | C] () -- C:\Users\Benjamin\Desktop\Camfrog Video Chat 6.0.lnk
[2011.06.08 11:21:27 | 002,798,414 | -H-- | C] () -- C:\Users\Benjamin\Desktop\schrank.jpg
[2011.06.08 07:45:10 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.05.30 17:29:56 | 000,144,459 | -H-- | C] () -- C:\Users\Public\Documents\1306769195094133421398.pdf
[2011.05.28 19:23:45 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.28 19:23:42 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.26 17:08:10 | 000,000,029 | -H-- | C] () -- C:\Users\Benjamin\AppData\Roaming\urhtps.dat
[2011.04.22 13:15:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.22 13:15:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.22 13:15:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.22 13:15:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.22 13:15:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.29 19:37:49 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.02.03 21:17:27 | 000,000,094 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.01.21 07:36:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.12.27 19:54:14 | 000,000,032 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\packet
[2010.11.30 22:35:18 | 000,007,605 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\Resmon.ResmonCfg
[2010.08.08 22:39:11 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2010.08.08 22:36:19 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2010.07.01 17:08:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.20 13:21:39 | 000,006,656 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.10 18:30:43 | 000,002,903 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2010.02.10 18:30:37 | 000,000,748 | ---- | C] () -- C:\Windows\cm106.ini
[2009.07.14 10:47:43 | 000,656,484 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,826 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,283,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,990 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006.06.07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2005.01.31 10:13:22 | 000,163,328 | ---- | C] () -- C:\Windows\System32\drivers\LV532AV.SYS
[2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2011.01.29 19:04:07 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\.purple
[2011.05.25 19:32:36 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\5015
[2011.01.31 19:33:17 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Amazon
[2010.04.19 18:16:33 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\BellCraft.com
[2011.03.18 16:56:53 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Bytemobile
[2011.06.12 13:49:18 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Camfrog
[2010.01.22 18:57:38 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\CanuckSoftware
[2011.04.08 18:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2010.02.03 20:12:09 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\gtk-2.0
[2011.03.28 01:11:59 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Hi-Rez Studios
[2011.04.21 18:32:00 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\ICQ
[2011.05.25 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\kock
[2010.08.30 17:51:03 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\LolClient
[2010.12.22 20:19:03 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\ManyCam
[2010.12.01 16:13:28 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\MobMapUpdater
[2011.05.26 17:22:12 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\MyPhoneExplorer
[2011.04.21 18:31:05 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\NetSpeedMonitor
[2010.02.04 01:37:48 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenOffice.org
[2010.02.17 22:46:43 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Red Kawa
[2011.06.12 22:55:17 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\SoftGrid Client
[2010.07.31 19:02:49 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\TerraTec
[2010.01.22 17:44:43 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Thunderbird
[2011.04.03 16:19:24 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\TP
[2010.05.09 22:09:58 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Trillian
[2010.04.12 18:07:36 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\TrueCrypt
[2010.04.12 18:59:13 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\TuneUp Software
[2010.12.29 12:43:34 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Tyef
[2010.09.12 02:00:07 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Verbindungsassistent
[2011.03.18 16:56:53 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Vodafone
[2011.06.10 08:26:07 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\xmldm
[2010.08.31 19:20:25 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.04.25 16:07:03 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.06.08 07:53:09 | 000,000,000 | --SD | M] -- C:\cofi.exe
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.22 17:19:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.07 18:50:28 | 000,000,000 | -H-D | M] -- C:\Download
[2010.05.02 14:03:02 | 000,000,000 | -H-D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.12 15:46:48 | 000,000,000 | R--D | M] -- C:\Programme
[2011.06.12 23:31:19 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.01.22 17:19:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.08 07:53:09 | 000,000,000 | -H-D | M] -- C:\Qoobox
[2010.01.22 17:19:59 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.06.12 23:01:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.09 19:07:39 | 000,000,000 | -H-D | M] -- C:\temp
[2010.11.27 19:45:59 | 000,000,000 | -H-D | M] -- C:\TerraTec
[2010.06.07 18:52:38 | 000,000,000 | -H-D | M] -- C:\tmpDownload
[2010.08.29 21:30:13 | 000,000,000 | R--D | M] -- C:\Users
[2011.06.12 22:57:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | -H-- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | -H-- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-26 11:33:39
 
<           >
 
< End of report >

--- --- ---

cosinus · 14.06.2011, 10:45

Zitat:

Art des Suchlaufs: Quick-Scan

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

brote · 14.06.2011, 12:04

Hallo Cosinus,
erstmal danke für die schnelle Antwort, bei dem enormen Aufkommen an Anfragen hier.
Hier alle Malwarebytes Logs, die ich habe:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.04.2011 17:33:03
mbam-log-2011-04-21 (17-33-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175743
Laufzeit: 6 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> 3792 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{5283BA48-B3A8-A4C7-4C8B-5FC46A91D3D3} (Trojan.ZbotR.Gen) -> Value: {5283BA48-B3A8-A4C7-4C8B-5FC46A91D3D3} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Benjamin\AppData\Local\Temp\0.29800580620327444.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.04.2011 21:44:51
mbam-log-2011-04-21 (21-44-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 305735
Laufzeit: 58 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6842

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.06.2011 23:31:19
mbam-log-2011-06-12 (23-31-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 179449
Laufzeit: 8 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\programdata\vmbaxaopywyflj.exe (Trojan.FakeAlert) -> 3776 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VmBaxAOpYwYFlj (Trojan.FakeAlert) -> Value: VmBaxAOpYwYFlj -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Value: Userinit -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vmbaxaopywyflj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Benjamin\AppData\Roaming\acroiehelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\Users\Benjamin\AppData\Local\temp\tmpBED8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6842

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.06.2011 13:01:05
mbam-log-2011-06-14 (13-01-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|Q:\|)
Durchsuchte Objekte: 347896
Laufzeit: 1 Stunde(n), 4 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

23:04:31 Benjamin MESSAGE Protection started successfully
23:04:36 Benjamin MESSAGE IP Protection started successfully
23:08:56 Benjamin MESSAGE IP Protection stopped
23:21:25 Benjamin MESSAGE Protection started successfully
23:21:30 Benjamin MESSAGE IP Protection started successfully
23:24:24 Benjamin MESSAGE IP Protection stopped
23:35:39 Benjamin MESSAGE Protection started successfully
23:35:44 Benjamin MESSAGE IP Protection started successfully
23:37:36 Benjamin MESSAGE IP Protection stopped
23:46:14 Benjamin MESSAGE Protection started successfully
23:46:18 Benjamin MESSAGE IP Protection started successfully
23:48:19 Benjamin MESSAGE IP Protection stopped

cosinus · 14.06.2011, 12:46

Zitat:

[2011.06.08 07:53:09 | 000,000,000 | --SD | M] -- C:\cofi.exe

Warum hast du vor ein paar Tagen Combofix ausgeführt? Wer hat dich angewiesen?

brote · 14.06.2011, 13:22

Ganz ehrlich? Ich kann mich nicht dran erinnern das ausgeführt zu haben!
Das letzte mal am 22.04.11 auf Anweisung des Forums!
Keine Ahnung woher das kommt, ich hab hier auch Logs auf der Festplatte, die sind aber auch vom 22.04.11.
Zudem war ich zu dem Zeitpunkt meines Wissens nach arbeiten.
Also das irritiert mich jetzt selbst.
Kann das sein, dass ich da aus Versehen draufgeklickt und es direkt wieder geschlossen hab?

cosinus · 14.06.2011, 13:35

Dann "spinnt" das Änderungsdatum des Ordners. Wenn du es zuletzt nur auf Anweisung hin ausgeführt hast und sonst nicht ist das ok.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2010.12.29 12:43:34 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Tyef
[2011.06.10 08:26:07 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\xmldm
[2011.05.25 19:32:36 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\5015
[2011.05.25 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\kock
[2011.06.08 07:53:09 | 000,000,000 | -H-D | M] -- C:\Qoobox
[2011.06.08 07:53:07 | 000,000,000 | --SD | C] -- C:\cofi.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.08 04:11:16 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Stell uns bitte danach den Quarantäneordner von OTL zur Verfügung. Bitte dabei so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht behindern!
2.) Ordner C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

brote · 14.06.2011, 13:48

Hier erstmal das Logfile:
========== OTL ==========
C:\Users\Benjamin\AppData\Roaming\Tyef folder moved successfully.
C:\Users\Benjamin\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Benjamin\AppData\Roaming\5015\components folder moved successfully.
C:\Users\Benjamin\AppData\Roaming\5015 folder moved successfully.
C:\Users\Benjamin\AppData\Roaming\kock folder moved successfully.
C:\Qoobox\TestC folder moved successfully.
C:\Qoobox\Test folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\ProgramData folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\LastRun folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.
C:\cofi.exe\N_ folder moved successfully.
C:\cofi.exe\en-US folder moved successfully.
C:\cofi.exe\de-DE folder moved successfully.
C:\cofi.exe folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.0 log created on 06142011_143933

Files\Folders moved on Reboot...
File\Folder F:\AUTORUN.INF not found!

Registry entries deleted on Reboot...

Hochgeladen ist auch, aber was mir gerade auffällt ist, dass ich nur den Ordner mit den verschobenen Dateien hochgeladen hab, nicht den kompletten OTL...soll ich nochmal oder reicht der?
Sorry hab mich verlesen :-/

cosinus · 14.06.2011, 13:57

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

brote · 14.06.2011, 14:01

2011/06/14 14:59:50.0276 1864 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/14 14:59:50.0470 1864 ================================================================================
2011/06/14 14:59:50.0470 1864 SystemInfo:
2011/06/14 14:59:50.0470 1864
2011/06/14 14:59:50.0470 1864 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/14 14:59:50.0470 1864 Product type: Workstation
2011/06/14 14:59:50.0470 1864 ComputerName: BENJAMIN-NB
2011/06/14 14:59:50.0470 1864 UserName: Benjamin
2011/06/14 14:59:50.0470 1864 Windows directory: C:\Windows
2011/06/14 14:59:50.0470 1864 System windows directory: C:\Windows
2011/06/14 14:59:50.0470 1864 Processor architecture: Intel x86
2011/06/14 14:59:50.0470 1864 Number of processors: 2
2011/06/14 14:59:50.0470 1864 Page size: 0x1000
2011/06/14 14:59:50.0470 1864 Boot type: Normal boot
2011/06/14 14:59:50.0470 1864 ================================================================================
2011/06/14 14:59:51.0603 1864 Initialize success
2011/06/14 14:59:56.0717 0148 ================================================================================
2011/06/14 14:59:56.0717 0148 Scan started
2011/06/14 14:59:56.0717 0148 Mode: Manual;
2011/06/14 14:59:56.0717 0148 ================================================================================
2011/06/14 14:59:57.0514 0148 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/14 14:59:57.0566 0148 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/14 14:59:57.0617 0148 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/14 14:59:57.0671 0148 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/14 14:59:57.0713 0148 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/14 14:59:57.0749 0148 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/14 14:59:57.0813 0148 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/06/14 14:59:57.0856 0148 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/14 14:59:57.0903 0148 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/14 14:59:57.0953 0148 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/14 14:59:57.0988 0148 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/06/14 14:59:58.0021 0148 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/14 14:59:58.0065 0148 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/14 14:59:58.0101 0148 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/14 14:59:58.0156 0148 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/14 14:59:58.0197 0148 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/14 14:59:58.0227 0148 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/14 14:59:58.0291 0148 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/06/14 14:59:58.0388 0148 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/14 14:59:58.0428 0148 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/14 14:59:58.0469 0148 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/14 14:59:58.0503 0148 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/14 14:59:58.0629 0148 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/06/14 14:59:58.0693 0148 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/06/14 14:59:58.0722 0148 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/06/14 14:59:58.0809 0148 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/14 14:59:58.0867 0148 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/14 14:59:58.0920 0148 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/14 14:59:58.0973 0148 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/14 14:59:59.0043 0148 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/14 14:59:59.0077 0148 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/14 14:59:59.0103 0148 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/14 14:59:59.0144 0148 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/14 14:59:59.0227 0148 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/14 14:59:59.0254 0148 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/14 14:59:59.0291 0148 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/14 14:59:59.0347 0148 BthAvrcp (db99076533ffb38cbec8ac88e4535850) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/06/14 14:59:59.0411 0148 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/14 14:59:59.0443 0148 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/14 14:59:59.0480 0148 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/14 14:59:59.0513 0148 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/06/14 14:59:59.0565 0148 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/14 14:59:59.0724 0148 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/14 14:59:59.0778 0148 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/14 14:59:59.0827 0148 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/14 14:59:59.0881 0148 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/14 14:59:59.0936 0148 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/14 14:59:59.0964 0148 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/14 15:00:00.0005 0148 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/14 15:00:00.0048 0148 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/14 15:00:00.0091 0148 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/14 15:00:00.0146 0148 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/14 15:00:00.0211 0148 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/06/14 15:00:00.0340 0148 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/06/14 15:00:00.0385 0148 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/14 15:00:00.0430 0148 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/14 15:00:00.0503 0148 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/14 15:00:00.0546 0148 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/06/14 15:00:00.0614 0148 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/14 15:00:00.0743 0148 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/14 15:00:00.0849 0148 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/14 15:00:00.0892 0148 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/14 15:00:00.0971 0148 ewusbnet (7c18a6c99f4119d361a5ca028e788648) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/06/14 15:00:01.0015 0148 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/14 15:00:01.0056 0148 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/14 15:00:01.0109 0148 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/14 15:00:01.0149 0148 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/14 15:00:01.0186 0148 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/14 15:00:01.0214 0148 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/14 15:00:01.0256 0148 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/14 15:00:01.0306 0148 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/14 15:00:01.0351 0148 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/14 15:00:01.0384 0148 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/14 15:00:01.0434 0148 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/14 15:00:01.0482 0148 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/14 15:00:01.0539 0148 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/14 15:00:01.0582 0148 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/06/14 15:00:01.0606 0148 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/06/14 15:00:01.0695 0148 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/06/14 15:00:01.0794 0148 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/14 15:00:01.0847 0148 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/06/14 15:00:01.0893 0148 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/14 15:00:01.0920 0148 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/14 15:00:01.0955 0148 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/14 15:00:02.0000 0148 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/14 15:00:02.0063 0148 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/14 15:00:02.0129 0148 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/14 15:00:02.0190 0148 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/06/14 15:00:02.0309 0148 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/06/14 15:00:02.0354 0148 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/14 15:00:02.0436 0148 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/14 15:00:02.0494 0148 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/14 15:00:02.0543 0148 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/14 15:00:02.0682 0148 IntcAzAudAddService (a9d92a2d9f583892c91202502d979be1) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/14 15:00:02.0784 0148 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/14 15:00:02.0825 0148 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/14 15:00:02.0865 0148 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/14 15:00:02.0902 0148 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/14 15:00:02.0949 0148 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/14 15:00:03.0018 0148 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/14 15:00:03.0046 0148 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/14 15:00:03.0094 0148 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/14 15:00:03.0146 0148 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/14 15:00:03.0190 0148 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/14 15:00:03.0226 0148 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/14 15:00:03.0272 0148 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/14 15:00:03.0344 0148 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/14 15:00:03.0395 0148 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/14 15:00:03.0436 0148 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/14 15:00:03.0464 0148 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/14 15:00:03.0499 0148 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/14 15:00:03.0540 0148 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/14 15:00:03.0610 0148 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\Windows\system32\drivers\lvusbsta.sys
2011/06/14 15:00:03.0754 0148 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/06/14 15:00:03.0801 0148 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/14 15:00:03.0839 0148 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/14 15:00:03.0881 0148 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/14 15:00:03.0941 0148 MODEMCSA (25483f9d590d5f00bd951e1181453ec2) C:\Windows\system32\drivers\MODEMCSA.sys
2011/06/14 15:00:03.0989 0148 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/14 15:00:04.0024 0148 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/14 15:00:04.0078 0148 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/14 15:00:04.0113 0148 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/06/14 15:00:04.0152 0148 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/14 15:00:04.0193 0148 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/14 15:00:04.0234 0148 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/14 15:00:04.0307 0148 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/14 15:00:04.0348 0148 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/14 15:00:04.0392 0148 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/14 15:00:04.0421 0148 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/14 15:00:04.0458 0148 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/14 15:00:04.0512 0148 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/14 15:00:04.0549 0148 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/14 15:00:04.0569 0148 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/14 15:00:04.0626 0148 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/14 15:00:04.0658 0148 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/14 15:00:04.0693 0148 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/14 15:00:04.0730 0148 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/14 15:00:04.0767 0148 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/14 15:00:04.0794 0148 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/14 15:00:04.0821 0148 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/14 15:00:04.0844 0148 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/14 15:00:04.0908 0148 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/14 15:00:04.0973 0148 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/06/14 15:00:05.0030 0148 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/14 15:00:05.0068 0148 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/14 15:00:05.0101 0148 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/14 15:00:05.0134 0148 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/14 15:00:05.0165 0148 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/06/14 15:00:05.0189 0148 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/14 15:00:05.0225 0148 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/14 15:00:05.0399 0148 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/06/14 15:00:05.0584 0148 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/14 15:00:05.0661 0148 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/14 15:00:05.0698 0148 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/14 15:00:05.0761 0148 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/06/14 15:00:05.0813 0148 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/14 15:00:06.0037 0148 nvlddmkm (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/14 15:00:06.0316 0148 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/14 15:00:06.0359 0148 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/14 15:00:06.0401 0148 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/14 15:00:06.0436 0148 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/14 15:00:06.0517 0148 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/14 15:00:06.0549 0148 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/06/14 15:00:06.0578 0148 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/14 15:00:06.0607 0148 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/06/14 15:00:06.0646 0148 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/14 15:00:06.0687 0148 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/14 15:00:06.0715 0148 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/14 15:00:06.0765 0148 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/14 15:00:06.0873 0148 PID_0920 (a937c4e37c0c1003ce5fca1e5e103fdc) C:\Windows\system32\DRIVERS\LV532AV.SYS
2011/06/14 15:00:06.0955 0148 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/14 15:00:06.0991 0148 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/14 15:00:07.0045 0148 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/14 15:00:07.0112 0148 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
2011/06/14 15:00:07.0176 0148 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/14 15:00:07.0231 0148 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/14 15:00:07.0274 0148 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/14 15:00:07.0302 0148 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/14 15:00:07.0352 0148 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/14 15:00:07.0394 0148 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/14 15:00:07.0439 0148 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/14 15:00:07.0472 0148 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/14 15:00:07.0515 0148 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/14 15:00:07.0551 0148 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/14 15:00:07.0585 0148 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/14 15:00:07.0634 0148 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/06/14 15:00:07.0678 0148 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/14 15:00:07.0715 0148 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/14 15:00:07.0755 0148 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/14 15:00:07.0791 0148 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/14 15:00:07.0870 0148 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/14 15:00:07.0930 0148 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/14 15:00:08.0008 0148 RTL8167 (94a48c15d32d69867f03894a4e70a87a) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/06/14 15:00:08.0064 0148 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/06/14 15:00:08.0100 0148 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/06/14 15:00:08.0136 0148 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/06/14 15:00:08.0172 0148 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/06/14 15:00:08.0206 0148 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/06/14 15:00:08.0238 0148 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/06/14 15:00:08.0266 0148 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/06/14 15:00:08.0314 0148 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/14 15:00:08.0376 0148 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/14 15:00:08.0412 0148 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/14 15:00:08.0462 0148 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/14 15:00:08.0530 0148 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/06/14 15:00:08.0587 0148 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/14 15:00:08.0616 0148 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/14 15:00:08.0649 0148 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/14 15:00:08.0696 0148 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/14 15:00:08.0725 0148 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/14 15:00:08.0752 0148 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/14 15:00:08.0785 0148 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/14 15:00:08.0868 0148 Sftfs (cc895997c0995a07b6b2779a3b21918b) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/06/14 15:00:08.0929 0148 Sftplay (cf5e9798637795db59697f5e40fca993) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/06/14 15:00:08.0977 0148 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/06/14 15:00:09.0011 0148 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/06/14 15:00:09.0061 0148 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/14 15:00:09.0109 0148 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/14 15:00:09.0147 0148 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/14 15:00:09.0197 0148 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/14 15:00:09.0290 0148 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
2011/06/14 15:00:09.0401 0148 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\Windows\system32\speedfan.sys
2011/06/14 15:00:09.0446 0148 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/14 15:00:09.0535 0148 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/06/14 15:00:09.0580 0148 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/14 15:00:09.0622 0148 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/14 15:00:09.0689 0148 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/06/14 15:00:09.0744 0148 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/14 15:00:09.0799 0148 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/14 15:00:09.0842 0148 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/14 15:00:09.0874 0148 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/14 15:00:09.0966 0148 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/06/14 15:00:10.0051 0148 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/14 15:00:10.0130 0148 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/14 15:00:10.0197 0148 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/14 15:00:10.0226 0148 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/14 15:00:10.0265 0148 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/14 15:00:10.0301 0148 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/14 15:00:10.0403 0148 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/06/14 15:00:10.0452 0148 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/14 15:00:10.0505 0148 TTCinergyT2 (a4a06dda70c8e7439c08b501408ad9d7) C:\Windows\system32\drivers\TTCinergyT2BDA.sys
2011/06/14 15:00:10.0557 0148 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/14 15:00:10.0589 0148 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/14 15:00:10.0626 0148 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/14 15:00:10.0702 0148 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/14 15:00:10.0757 0148 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/14 15:00:10.0805 0148 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/14 15:00:10.0857 0148 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/14 15:00:10.0912 0148 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/06/14 15:00:10.0952 0148 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/14 15:00:10.0991 0148 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/14 15:00:11.0033 0148 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/14 15:00:11.0078 0148 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/14 15:00:11.0116 0148 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/14 15:00:11.0167 0148 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/14 15:00:11.0244 0148 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/14 15:00:11.0284 0148 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/14 15:00:11.0319 0148 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/14 15:00:11.0374 0148 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/14 15:00:11.0419 0148 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/14 15:00:11.0445 0148 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/14 15:00:11.0486 0148 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/14 15:00:11.0530 0148 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/14 15:00:11.0564 0148 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/14 15:00:11.0593 0148 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/14 15:00:11.0646 0148 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/14 15:00:11.0680 0148 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/14 15:00:11.0716 0148 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/14 15:00:11.0746 0148 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/14 15:00:11.0779 0148 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/14 15:00:11.0842 0148 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/06/14 15:00:11.0899 0148 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/06/14 15:00:11.0929 0148 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/06/14 15:00:11.0969 0148 vpcuxd (f49c0d1f8dae860ee47e5f34ac0f6008) C:\Windows\system32\DRIVERS\vpcuxd.sys
2011/06/14 15:00:12.0032 0148 vpcvmm (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys
2011/06/14 15:00:12.0090 0148 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/14 15:00:12.0135 0148 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/06/14 15:00:12.0183 0148 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/14 15:00:12.0221 0148 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 15:00:12.0239 0148 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 15:00:12.0316 0148 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/14 15:00:12.0361 0148 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/14 15:00:12.0451 0148 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/14 15:00:12.0479 0148 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/14 15:00:12.0563 0148 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/06/14 15:00:12.0610 0148 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/14 15:00:12.0662 0148 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/14 15:00:12.0747 0148 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/14 15:00:12.0802 0148 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/14 15:00:12.0907 0148 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/14 15:00:12.0928 0148 ================================================================================
2011/06/14 15:00:12.0928 0148 Scan finished
2011/06/14 15:00:12.0928 0148 ================================================================================
2011/06/14 15:00:12.0941 3600 Detected object count: 0
2011/06/14 15:00:12.0941 3600 Actual detected object count: 0

cosinus · 14.06.2011, 14:02

Gut. Dann bitte ein neues CF-Log erstellen, CF als cofi.exe natürlich neu herunterladen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

brote · 14.06.2011, 14:20

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-06-13.06 - Benjamin 14.06.2011  15:09:43.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2046.1139 [GMT 2:00]
ausgeführt von:: c:\users\Benjamin\Desktop\Cofi.exe.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-14 bis 2011-06-14  ))))))))))))))))))))))))))))))
.
.
2011-06-14 13:16 . 2011-06-14 13:16	--------	d-----w-	c:\users\Benjamin\AppData\Local\temp
2011-06-14 13:16 . 2011-06-14 13:16	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-06-14 13:16 . 2011-06-14 13:16	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-06-14 13:16 . 2011-06-14 13:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-14 13:16 . 2011-06-14 13:16	--------	d-----w-	c:\users\Benjamin2\AppData\Local\temp
2011-06-14 12:39 . 2011-06-14 12:39	--------	d-----w-	C:\_OTL
2011-06-12 13:46 . 2011-06-12 13:46	--------	d-----w-	c:\program files\Creative Labs
2011-06-12 13:46 . 1999-07-06 12:13	40960	----a-w-	c:\windows\system32\eax.dll
2011-05-28 17:23 . 2011-05-28 17:24	--------	d-----w-	c:\program files\Google
2011-05-28 17:23 . 2011-05-28 17:24	--------	d-----w-	c:\users\Benjamin\AppData\Local\Google
2011-05-26 21:27 . 2011-05-26 21:27	--------	d-----w-	c:\program files\iPod
2011-05-26 21:24 . 2011-05-26 21:24	--------	d-----w-	c:\program files\Bonjour
2011-05-26 20:19 . 2011-06-12 15:40	--------	d-----w-	c:\users\Benjamin\AppData\Local\PokerStars.NET
2011-05-26 15:15 . 2011-05-26 15:22	--------	d-----w-	c:\users\Benjamin\AppData\Roaming\MyPhoneExplorer
2011-05-25 17:32 . 2011-05-25 17:32	112	----a-w-	c:\users\Benjamin\AppData\Roaming\srvblck2.tmp
2011-05-25 17:19 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2011-04-21 14:51	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-04-21 14:51	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-09 06:13 . 2011-05-11 15:42	3957632	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 15:42	3901824	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-04-08 16:28 . 2011-04-08 16:28	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-18 14:55 . 2011-03-18 14:55	8464	----a-w-	c:\windows\system32\SpOrder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Camfrog"="d:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2011-01-18 54664]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"Malwarebytes' Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Benjamin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Benjamin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 16:17	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08	209153	----a-w-	d:\programme\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2011-01-18 12:10	54664	----a-w-	d:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	d:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 23:22	421160	----a-w-	d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 15:54	127022	----a-w-	c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 10:52	13605408	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 10:52	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCDriverInstaller]
2002-12-10 16:34	638976	----a-w-	c:\progra~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
2010-06-09 09:47	1689088	----a-w-	c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-01-19 18:10	8452640	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenManager Pro for LCD]
2009-03-02 04:07	12080424	----a-w-	d:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14	1173504	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-03 14:44	15028104	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 13:46	1458176	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 08:17	434176	----a-w-	d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R2 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-31 198656]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-07-29 13224]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 TTCinergyT2;TerraTec Cinergy T² (BDA);c:\windows\system32\drivers\TTCinergyT2BDA.sys [2005-10-06 22528]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-27 1343400]
R4 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-08 218688]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [2010-01-12 33792]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 WTGService;WTGService;d:\program files\Verbindungsassistent\wtgservice.exe [2010-09-11 329168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-29 27632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 87719612
*Deregistered* - 87719612
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 17:23]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 17:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = localhost;*.local
IE: Read with DeskBot - d:\program files\BellCraft.com\DeskBot\DeskBot.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-LogitechGalleryRepair - d:\program files\Logitech\ImageStudio\ISStart.exe
MSConfigStartUp-LogitechImageStudioTray - d:\program files\Logitech\ImageStudio\LogiTray.exe
AddRemove-FINAL FANTASY VIII - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-14  15:19:00
ComboFix-quarantined-files.txt  2011-06-14 13:18
ComboFix2.txt  2011-04-22 11:27
.
Vor Suchlauf: 544.493.568 Bytes frei
Nach Suchlauf: 564.965.376 Bytes frei
.
- - End Of File - - 70416F0DE44304283AB3962C6C1C15DE

--- --- ---

cosinus · 14.06.2011, 14:28

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

File::
c:\windows\system32\eax.dll
c:\users\Benjamin\AppData\Roaming\srvblck2.tmp

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

brote · 14.06.2011, 15:00

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-06-13.06 - Benjamin 14.06.2011  15:33:29.3.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2046.1207 [GMT 2:00]
ausgeführt von:: c:\users\Benjamin\Desktop\Cofi.exe.exe
Benutzte Befehlsschalter :: c:\users\Benjamin\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Benjamin\AppData\Roaming\srvblck2.tmp"
"c:\windows\system32\eax.dll"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Benjamin\AppData\Roaming\srvblck2.tmp
c:\windows\system32\eax.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-14 bis 2011-06-14  ))))))))))))))))))))))))))))))
.
.
2011-06-14 13:39 . 2011-06-14 13:40	--------	d-----w-	c:\users\Benjamin\AppData\Local\temp
2011-06-14 13:39 . 2011-06-14 13:39	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-06-14 13:39 . 2011-06-14 13:39	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-06-14 13:39 . 2011-06-14 13:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-14 13:39 . 2011-06-14 13:39	--------	d-----w-	c:\users\Benjamin2\AppData\Local\temp
2011-06-14 13:07 . 2011-06-14 13:19	--------	d-----w-	C:\Cofi.exe
2011-06-14 12:39 . 2011-06-14 12:39	--------	d-----w-	C:\_OTL
2011-06-12 13:46 . 2011-06-12 13:46	--------	d-----w-	c:\program files\Creative Labs
2011-05-28 17:23 . 2011-05-28 17:24	--------	d-----w-	c:\program files\Google
2011-05-28 17:23 . 2011-05-28 17:24	--------	d-----w-	c:\users\Benjamin\AppData\Local\Google
2011-05-26 21:27 . 2011-05-26 21:27	--------	d-----w-	c:\program files\iPod
2011-05-26 21:24 . 2011-05-26 21:24	--------	d-----w-	c:\program files\Bonjour
2011-05-26 20:19 . 2011-06-12 15:40	--------	d-----w-	c:\users\Benjamin\AppData\Local\PokerStars.NET
2011-05-26 15:15 . 2011-05-26 15:22	--------	d-----w-	c:\users\Benjamin\AppData\Roaming\MyPhoneExplorer
2011-05-25 17:19 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2011-04-21 14:51	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-04-21 14:51	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-09 06:13 . 2011-05-11 15:42	3957632	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 15:42	3901824	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-04-08 16:28 . 2011-04-08 16:28	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-18 14:55 . 2011-03-18 14:55	8464	----a-w-	c:\windows\system32\SpOrder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Camfrog"="d:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2011-01-18 54664]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"Malwarebytes' Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Benjamin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Benjamin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 16:17	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08	209153	----a-w-	d:\programme\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2011-01-18 12:10	54664	----a-w-	d:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	d:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 23:22	421160	----a-w-	d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 15:54	127022	----a-w-	c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 10:52	13605408	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 10:52	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCDriverInstaller]
2002-12-10 16:34	638976	----a-w-	c:\progra~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
2010-06-09 09:47	1689088	----a-w-	c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-01-19 18:10	8452640	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenManager Pro for LCD]
2009-03-02 04:07	12080424	----a-w-	d:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14	1173504	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-03 14:44	15028104	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 13:46	1458176	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 08:17	434176	----a-w-	d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R2 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-31 198656]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-07-29 13224]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 TTCinergyT2;TerraTec Cinergy T² (BDA);c:\windows\system32\drivers\TTCinergyT2BDA.sys [2005-10-06 22528]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-27 1343400]
R4 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-08 218688]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [2010-01-12 33792]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 WTGService;WTGService;d:\program files\Verbindungsassistent\wtgservice.exe [2010-09-11 329168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-29 27632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 87719612
*Deregistered* - 87719612
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 17:23]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 17:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = localhost;*.local
IE: Read with DeskBot - d:\program files\BellCraft.com\DeskBot\DeskBot.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-14  15:42:18
ComboFix-quarantined-files.txt  2011-06-14 13:42
ComboFix2.txt  2011-06-14 13:19
ComboFix3.txt  2011-04-22 11:27
.
Vor Suchlauf: 619.925.504 Bytes frei
Nach Suchlauf: 560.668.672 Bytes frei
.
- - End Of File - - 2D2BA63780F7ED73725E6FA2CBF38507

--- --- ---

neu gestartet hat er wohl nicht...

cosinus · 14.06.2011, 15:01

Stell uns bitte danach den Quarantäneordner von CF zur Verfügung. Bitte dabei so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

brote · 14.06.2011, 15:09

! Kann den Inhalt von C:\Qoobox\BackEnv\* nicht lesen.
! Konnte Qoobox.rar nicht erstellen.
! Zugriff verweigert

xpack.gen3 versteck Dateien/Festplatte beschädigt

Plagegeister aller Art und deren Bekämpfung: xpack.gen3 versteck Dateien/Festplatte beschädigt