
Log analysis and evaluation: no access rights to folders any more / Trojan TR/Crypt.XPACK.Gen

26.07.2011, 20:06   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Why are you cluttering up your system with useless toolbars?
Uninstall everything that shows "Toolbar" via the Control Panel, under Software or Programs and Features. For future program installations, always choose the custom method so that you can deselect any toolbars during installation.
While you are at it, also uninstall all other unnecessary programs via the Control Panel.
__________________
Please always post log files in CODE tags

26.07.2011, 22:00   #17
Nippi88
 
I can't uninstall via the Control Panel because somehow I no longer have any rights - don't ask me why

27.07.2011, 10:36   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Users\Nippi\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8cc93ed50000000000000015e9aeb84a&tlver=1.4.19.19&ss=1&affID=17395
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.losstarten.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60429
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Nippi\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
[2011.06.21 15:47:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.04 18:27:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.16 17:30:39 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.17 09:17:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\engine@conduit.com
[2011.06.13 14:26:49 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com
[2010.07.22 16:38:27 | 000,000,873 | ---- | M] () -- C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\conduit.xml
[2011.07.25 11:05:29 | 000,000,950 | ---- | M] () -- C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin-1.xml
[2011.05.26 10:23:32 | 000,000,950 | ---- | M] () -- C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin-2.xml
[2011.06.22 19:45:33 | 000,000,950 | ---- | M] () -- C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin-3.xml
[2011.07.04 19:26:55 | 000,000,950 | ---- | M] () -- C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin-4.xml
[2011.05.24 18:13:08 | 000,001,056 | ---- | M] () -- C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin.xml
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b68abeb9-6815-11df-a3e0-6cf04971abc1}\Shell - "" = AutoRun
O33 - MountPoints2\{b68abeb9-6815-11df-a3e0-6cf04971abc1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
:Files
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\softonic-de3
C:\Program Files (x86)\ICQ6Toolbar
C:\Program Files (x86)\ConduitEngine
:Commands
[purity]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

27.07.2011, 12:36   #19
Nippi88
 
So, here is the fix log


========== OTL ==========
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files (x86)\softonic-de3\tbsoft.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ deleted successfully.
C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CD90BF73-20F6-44EF-993D-BB920303BD2E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Crawler Search" removed from browser.search.order.1
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: toolbar@ask.com:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=" removed from keyword.URL
File HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Nippi\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) not found.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-22-Jul-2010-17-03-58-GMT folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-12-Aug-2010-14-44-59-GMT folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-11-Nov-2010-12-06-28-GMT folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-04-Nov-2010-20-48-16-GMT folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-20-Mar-2011-12-40-55-GMT folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-04-Jun-2011-07-33-40-GMT folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-18-Apr-2011-07-24-19-GMT folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-13-Jun-2011-12-26-44-GMT folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Nippi\AppData\Roaming\mozilla\Firefox\Profiles\h19y2m65.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\conduit.xml moved successfully.
C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\searchplugins\icqplugin.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b68abeb9-6815-11df-a3e0-6cf04971abc1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b68abeb9-6815-11df-a3e0-6cf04971abc1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b68abeb9-6815-11df-a3e0-6cf04971abc1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b68abeb9-6815-11df-a3e0-6cf04971abc1}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CD90BF73-20F6-44EF-993D-BB920303BD2E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\Program Files (x86)\softonic-de3 folder moved successfully.
C:\Program Files (x86)\ICQ6Toolbar folder moved successfully.
C:\Program Files (x86)\ConduitEngine folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07272011_133118
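
Added example (not part of the original thread, and not code from OTL or its author): one way to triage a fix log like the one above. It separates "not found" lines that are harmless because the same file or key was already moved or deleted earlier in the log (the toolbars are listed under both HKLM and HKCU) from lines that still need a look. The sample lines are copied from the log above; the class and function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    section: str            # OTL, FILES, COMMANDS ("" before the first header)
    outcome: str            # "ok", "missing" or "unknown"
    target: Optional[str]   # file, folder, key or process name, if one was parsed
    line: str


# Line shapes as they appear in the fix log posted above.
HEADER = re.compile(r"^=+ (\w+) =+$")
PREFIX = r"(?:File |Registry key |Registry value )?"
DONE = re.compile(
    r"^" + PREFIX + r"(.*?)(?: folder)? (?:moved|deleted|stopped) successfully[.!]?$"
)
NOT_FOUND = re.compile(r"^" + PREFIX + r"(.*) not found\.$")
NO_PROCESS = re.compile(r"^No active process named (.*) was found!$")

# Sample input: a selection of lines copied from the log above.
SAMPLE_LOG = r"""========== OTL ==========
No active process named Program Files was found!
Service ICQ Service deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll not found.
File de3\tbsoft.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
========== FILES ==========
C:\Program Files (x86)\Ask.com folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07272011_133118
"""


def normalise(target: str) -> str:
    """Registry and file paths are case-insensitive; drop a trailing backslash."""
    return target.rstrip("\\").lower()


def parse_fix_log(text: str) -> List[Entry]:
    """Classify every non-empty log line by section and outcome."""
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        done = DONE.match(line)
        missing = NOT_FOUND.match(line) or NO_PROCESS.match(line)
        if done:
            entries.append(Entry(section, "ok", done.group(1), line))
        elif missing:
            entries.append(Entry(section, "missing", missing.group(1), line))
        elif "successfully" in line or " removed from " in line:
            # e.g. "value set successfully!" or Prefs.js edits: no single target
            entries.append(Entry(section, "ok", None, line))
        else:
            entries.append(Entry(section, "unknown", None, line))
    return entries


def unresolved(entries: List[Entry]) -> List[Entry]:
    """Return 'missing' entries whose target was not handled earlier in the log."""
    handled, open_items = set(), []
    for entry in entries:
        if entry.outcome == "ok" and entry.target:
            handled.add(normalise(entry.target))
        elif entry.outcome == "missing" and normalise(entry.target) not in handled:
            open_items.append(entry)
    return open_items


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for item in unresolved(parsed):
        print(f"[{item.section}] check manually: {item.line}")
```

On the sample, the two lines left for manual review are the process entry that OTL read as "Program Files" and the shortened path "de3\tbsoft.dll"; the second prxtbDVD2.dll lookup is recognised as already handled.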

27.07.2011, 13:09   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below - that is, tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!


28.07.2011, 13:18   #21
Nippi88
 
So...

edited


2011/07/28 14:08:36.0013 3776 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/28 14:08:36.0535 3776 ================================================================================
2011/07/28 14:08:36.0535 3776 SystemInfo:
2011/07/28 14:08:36.0535 3776
2011/07/28 14:08:36.0535 3776 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/28 14:08:36.0535 3776 Product type: Workstation
2011/07/28 14:08:36.0535 3776 ComputerName: NIPPI-PC
2011/07/28 14:08:36.0535 3776 UserName: Nippi
2011/07/28 14:08:36.0535 3776 Windows directory: C:\Windows
2011/07/28 14:08:36.0535 3776 System windows directory: C:\Windows
2011/07/28 14:08:36.0535 3776 Running under WOW64
2011/07/28 14:08:36.0535 3776 Processor architecture: Intel x64
2011/07/28 14:08:36.0535 3776 Number of processors: 4
2011/07/28 14:08:36.0535 3776 Page size: 0x1000
2011/07/28 14:08:36.0535 3776 Boot type: Normal boot
2011/07/28 14:08:36.0535 3776 ================================================================================
2011/07/28 14:08:37.0332 3776 Initialize success
2011/07/28 14:08:55.0107 4416 ================================================================================
2011/07/28 14:08:55.0107 4416 Scan started
2011/07/28 14:08:55.0107 4416 Mode: Manual;
2011/07/28 14:08:55.0107 4416 ================================================================================
2011/07/28 14:09:03.0184 4416 ================================================================================
2011/07/28 14:09:03.0184 4416 Scan finished
2011/07/28 14:09:03.0184 4416 ================================================================================
2011/07/28 14:09:03.0190 2496 Detected object count: 0
2011/07/28 14:09:03.0190 2496 Actual detected object count: 0

Edited by Nippi88 (28.07.2011 at 14:09)

28.07.2011, 13:20   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



The log is incomplete...

28.07.2011, 14:45   #23
Nippi88



I've edited it =)

28.07.2011, 14:50   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

24.08.2011, 20:46   #25
Nippi88



Sooo, I finally found the time to run it.


Combofix Logfile:
Code:
ComboFix 11-08-24.04 - Nippi 24.08.2011  21:32:44.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.4091.2635 [GMT 2:00]
ausgeführt von:: c:\users\Nippi\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nippi\GermanyWonderking.exe-downloader.exe
c:\users\Nippi\SystemCheck_deDE.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-24 bis 2011-08-24  ))))))))))))))))))))))))))))))
.
.
2011-08-24 19:36 . 2011-08-24 19:36	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-08-24 19:36 . 2011-08-24 19:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-23 15:15 . 2011-08-12 04:10	8862544	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{693FC873-71A1-4AB3-B856-A44446344FA0}\mpengine.dll
2011-08-14 18:10 . 2011-08-14 18:26	--------	d-----w-	c:\users\Nippi\AppData\Local\TeamSpeak 3 Client
2011-08-14 15:44 . 2011-08-14 15:44	--------	d-----w-	c:\users\Gast\AppData\Roaming\MinecraftTools
2011-08-14 15:17 . 2011-08-14 16:02	--------	d-----w-	c:\users\Gast\AppData\Roaming\.minecraft
2011-08-10 06:16 . 2011-08-10 06:16	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2011-08-04 15:21 . 2011-08-04 15:22	21840	----atw-	c:\windows\SysWow64\SIntfNT.dll
2011-08-04 15:21 . 2011-08-04 15:22	17212	----atw-	c:\windows\SysWow64\SIntf32.dll
2011-08-04 15:21 . 2011-08-04 15:22	12067	----atw-	c:\windows\SysWow64\SIntf16.dll
2011-08-04 15:13 . 2011-08-04 15:13	2829	----a-w-	c:\windows\DIIUnin.pif
2011-08-04 15:13 . 2011-08-04 15:13	102400	----a-w-	c:\windows\DIIUnin.exe
2011-08-04 15:06 . 2011-08-19 23:54	--------	dc----w-	C:\Diablo II
2011-07-31 20:54 . 2011-07-31 21:32	--------	dc----w-	C:\Fraps
2011-07-28 16:19 . 2010-12-06 16:46	--------	dc----w-	C:\WTF_1900-1200v4a
2011-07-27 11:31 . 2011-07-27 11:31	--------	dc----w-	C:\_OTL
2011-07-26 09:59 . 2011-07-26 09:59	--------	d-----w-	c:\programdata\ATI
2011-07-26 09:59 . 2011-07-26 09:59	--------	d-----w-	c:\program files (x86)\AMD APP
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-08-10 23:17	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-07-06 17:52 . 2011-05-09 16:25	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-05-09 16:25	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-11 02:56 . 2011-07-13 08:45	3134464	----a-w-	c:\windows\system32\win32k.sys
2011-06-04 07:31 . 2011-06-04 07:31	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-04 07:30 . 2010-10-20 13:54	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-28 12:56 . 2011-05-28 12:56	71680	----a-w-	c:\windows\system32\frapsv64.dll
2011-05-28 12:56 . 2011-05-28 12:56	65536	----a-w-	c:\windows\SysWow64\frapsvid.dll
2011-05-27 18:41 . 2011-05-27 18:41	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-27 17:40 . 2011-05-27 17:40	1166144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Nippi\Program Files (x86)\DNA\btdna.exe" [2010-07-04 323392]
"ICQ"="c:\program files (x86)\ICQ7.0\ICQ.exe" [2011-01-05 133432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-17 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-07-07 216064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
c:\users\Nippi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-3-10 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files (x86)\MagicTune Premium\GammaTray.exe [2011-4-6 36864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-08-04 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-17 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 05:30]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 05:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Nippi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Nippi\AppData\Roaming\Mozilla\Firefox\Profiles\h19y2m65.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
BHO-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
BHO-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Counter-Strike: Condition Zero - c:\valve\CONDIT~1\UNWISE.EXE
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-softonic-de3 Toolbar - c:\progra~2\SOFTON~1\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\MagicTune Premium\MagicTuneEngine.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-08-24  21:41:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-08-24 19:41
.
Vor Suchlauf: 19 Verzeichnis(se), 863.121.629.184 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 863.897.075.712 Bytes frei
.
- - End Of File - - C552DE5187003247741887F31A3ABE15
         

25.08.2011, 11:06   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If that still does not work, please let me know.

25.08.2011, 17:05   #27
Nippi88

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-25 17:52:27
-----------------------------
17:52:27.225 OS Version: Windows x64 6.1.7600
17:52:27.225 Number of processors: 4 586 0x1E05
17:52:27.225 ComputerName: NIPPI-PC UserName: Nippi
17:52:28.478 Initialize success
17:53:53.548 AVAST engine defs: 11082500
17:54:20.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
17:54:20.564 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
17:54:22.589 Disk 0 MBR read successfully
17:54:22.594 Disk 0 MBR scan
17:54:22.600 Disk 0 Windows 7 default MBR code
17:54:22.606 Service scanning
17:54:23.522 Modules scanning
17:54:23.528 Disk 0 trace - called modules:
17:54:23.536 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:54:23.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800475d060]
17:54:23.550 3 CLASSPNP.SYS[fffff880019ab43f] -> nt!IofCallDriver -> [0xfffffa80044f2520]
17:54:23.557 5 ACPI.sys[fffff88000f3f781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa80044f3060]
17:54:25.042 AVAST engine scan C:\Windows
17:54:27.714 AVAST engine scan C:\Windows\system32
17:55:24.176 AVAST engine scan C:\Windows\system32\drivers
17:55:31.743 AVAST engine scan C:\Users\Nippi
18:02:14.897 AVAST engine scan C:\ProgramData
18:02:55.823 Scan finished successfully
18:04:49.557 Disk 0 MBR has been saved successfully to "C:\Users\Nippi\Desktop\MBR.dat"
18:04:49.561 The log file has been saved successfully to "C:\Users\Nippi\Desktop\aswMBR.txt"

25.08.2011, 19:56   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Getting an additional opinion from ESET's online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
