Dann lassen wir auch diese Zeile weg, probier mit diesem Text:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
[2011.08.28 16:41:42 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\toolbar@ask.com
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [Lan.FS] C:\Program Files\Lan.FS\Lan-fs.exe ()
O4 - HKCU..\RunOnce: [KeApplet] C:\Users\Admin\AppData\Local\Temp\ke64tnkff.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.25 15:32:25 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.05.11 17:34:10 | 000,045,056 | R--- | M] () - K:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.05.11 16:49:08 | 000,000,042 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
[2011.08.28 16:40:06 | 003,383,272 | ---- | C] (Search-Results) -- C:\Users\Admin\Desktop\ApnToolbarInstaller.exe
[2011.08.28 10:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lan.Fs
[2011.08.28 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lan.FS
[2011.08.27 18:42:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Xara
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2011.09.18 20:40:22 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2011.09.18 20:40:22 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2011.09.18 20:40:22 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2011.09.18 20:40:22 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2011.09.18 20:40:22 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2011.09.18 20:40:22 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2011.09.18 20:25:42 | 000,007,607 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\Ygwsnc.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\XZRDABX.job
[2011.09.19 18:22:12 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mkwdob.sys
[2011.09.11 11:14:32 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.05.17 20:51:33 | 000,012,724 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.18 20:24:56 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\Xilv.job
[2011.09.18 20:24:50 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\XZRDABX.job
[2011.09.18 20:24:50 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\Ygwsnc.job
[2011.09.21 16:50:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\ZA_PreservedFiles
:Files
C:\Program Files\Ask.com
:Commands
[emptytemp]
[resethosts]
         

All processes killed
========== OTL ==========
Folder C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\llxo0yp0.default\extensions\toolbar@ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lan.FS deleted successfully.
C:\Programme\Lan.FS\Lan-fs.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KeApplet not found.
C:\Users\Admin\AppData\Local\Temp\ke64tnkff.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
E:\AUTOEXEC.BAT moved successfully.
File move failed. K:\Autorun.exe scheduled to be moved on reboot.
File move failed. K:\Autorun.inf scheduled to be moved on reboot.
C:\Users\Admin\Desktop\ApnToolbarInstaller.exe moved successfully.
C:\ProgramData\Lan.Fs\Profile\Sound folder moved successfully.
C:\ProgramData\Lan.Fs\Profile\Settings folder moved successfully.
C:\ProgramData\Lan.Fs\Profile\Emoticons folder moved successfully.
C:\ProgramData\Lan.Fs\Profile folder moved successfully.
C:\ProgramData\Lan.Fs folder moved successfully.
C:\Program Files\Lan.FS folder moved successfully.
C:\Users\Admin\AppData\Local\Xara\MAGIX 3D Maker embeded\Updates\ENG folder moved successfully.
C:\Users\Admin\AppData\Local\Xara\MAGIX 3D Maker embeded\Updates\DEU folder moved successfully.
C:\Users\Admin\AppData\Local\Xara\MAGIX 3D Maker embeded\Updates folder moved successfully.
C:\Users\Admin\AppData\Local\Xara\MAGIX 3D Maker embeded folder moved successfully.
C:\Users\Admin\AppData\Local\Xara folder moved successfully.
C:\Windows\System32\Datei4 moved successfully.
C:\Windows\System32\Datei2 moved successfully.
C:\Windows\System32\Datei3 moved successfully.
C:\Windows\System32\Datei1 moved successfully.
C:\Windows\System32\Datei7 moved successfully.
C:\Windows\System32\Datei5 moved successfully.
C:\Windows\System32\Datei0 moved successfully.
C:\Windows\System32\Datei9 moved successfully.
C:\Windows\System32\Datei8 moved successfully.
C:\Windows\System32\Datei10 moved successfully.
C:\Windows\System32\Datei6 moved successfully.
C:\Users\Admin\AppData\Local\Resmon.ResmonCfg moved successfully.
C:\Windows\Tasks\Xilv.job moved successfully.
C:\Windows\Tasks\Ygwsnc.job moved successfully.
C:\Windows\Tasks\XZRDABX.job moved successfully.
C:\Windows\System32\drivers\mkwdob.sys moved successfully.
C:\Windows\patchw32.dll moved successfully.
File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
File C:\Windows\Tasks\Xilv.job not found.
File C:\Windows\Tasks\XZRDABX.job not found.
File C:\Windows\Tasks\Ygwsnc.job not found.
C:\ProgramData\Application Data\ZA_PreservedFiles folder moved successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 2000942757 bytes
->Temporary Internet Files folder emptied: 365869675 bytes
->Java cache emptied: 1635853 bytes
->FireFox cache emptied: 119609388 bytes
->Opera cache emptied: 2311234 bytes
->Flash cache emptied: 166258 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54236695 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.427,00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09222011_164621

Files\Folders moved on Reboot...
File move failed. K:\Autorun.exe scheduled to be moved on reboot.
File move failed. K:\Autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
File move failed. C:\Windows\S421F1A66.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

2011/09/22 21:20:46.0751 2424 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 21:20:46.0938 2424 ================================================================================
2011/09/22 21:20:46.0938 2424 SystemInfo:
2011/09/22 21:20:46.0938 2424
2011/09/22 21:20:46.0938 2424 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/22 21:20:46.0938 2424 Product type: Workstation
2011/09/22 21:20:46.0938 2424 ComputerName: ADMIN-PC
2011/09/22 21:20:46.0938 2424 UserName: Admin
2011/09/22 21:20:46.0938 2424 Windows directory: C:\Windows
2011/09/22 21:20:46.0938 2424 System windows directory: C:\Windows
2011/09/22 21:20:46.0938 2424 Processor architecture: Intel x86
2011/09/22 21:20:46.0938 2424 Number of processors: 1
2011/09/22 21:20:46.0938 2424 Page size: 0x1000
2011/09/22 21:20:46.0938 2424 Boot type: Normal boot
2011/09/22 21:20:46.0938 2424 ================================================================================
2011/09/22 21:20:48.0498 2424 Initialize success
2011/09/22 21:20:53.0490 2920 ================================================================================
2011/09/22 21:20:53.0490 2920 Scan started
2011/09/22 21:20:53.0490 2920 Mode: Manual;
2011/09/22 21:20:53.0490 2920 ================================================================================
2011/09/22 21:20:54.0410 2920 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/09/22 21:20:54.0442 2920 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/09/22 21:20:54.0473 2920 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/09/22 21:20:54.0535 2920 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/22 21:20:54.0582 2920 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/22 21:20:54.0629 2920 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/22 21:20:54.0707 2920 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/09/22 21:20:54.0754 2920 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/09/22 21:20:54.0785 2920 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/09/22 21:20:54.0816 2920 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/09/22 21:20:54.0847 2920 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/09/22 21:20:54.0878 2920 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/09/22 21:20:54.0941 2920 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/22 21:20:54.0956 2920 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/22 21:20:55.0066 2920 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/09/22 21:20:55.0097 2920 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/22 21:20:55.0144 2920 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/09/22 21:20:55.0253 2920 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/09/22 21:20:55.0471 2920 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/09/22 21:20:55.0534 2920 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/22 21:20:55.0580 2920 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/22 21:20:55.0627 2920 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/09/22 21:20:55.0721 2920 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/22 21:20:55.0814 2920 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/22 21:20:55.0955 2920 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/09/22 21:20:56.0095 2920 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/09/22 21:20:56.0173 2920 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/09/22 21:20:56.0267 2920 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/22 21:20:56.0376 2920 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/22 21:20:56.0438 2920 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/22 21:20:56.0485 2920 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/22 21:20:56.0579 2920 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\Windows\System32\drivers\BrPar.sys
2011/09/22 21:20:56.0641 2920 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/09/22 21:20:56.0688 2920 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/22 21:20:56.0750 2920 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/22 21:20:56.0813 2920 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/22 21:20:56.0875 2920 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/22 21:20:56.0984 2920 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/22 21:20:57.0031 2920 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/22 21:20:57.0094 2920 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/22 21:20:57.0172 2920 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\Windows\system32\DRIVERS\cledx.sys
2011/09/22 21:20:57.0218 2920 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/09/22 21:20:57.0296 2920 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/22 21:20:57.0343 2920 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/09/22 21:20:57.0390 2920 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/09/22 21:20:57.0452 2920 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/22 21:20:57.0499 2920 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/22 21:20:57.0593 2920 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
2011/09/22 21:20:57.0624 2920 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/22 21:20:57.0718 2920 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/09/22 21:20:57.0842 2920 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/09/22 21:20:57.0889 2920 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/09/22 21:20:57.0967 2920 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/09/22 21:20:58.0045 2920 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/09/22 21:20:58.0139 2920 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/22 21:20:58.0201 2920 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/22 21:20:58.0373 2920 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/09/22 21:20:58.0544 2920 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/09/22 21:20:58.0622 2920 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/09/22 21:20:58.0685 2920 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/22 21:20:58.0732 2920 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/09/22 21:20:58.0825 2920 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/09/22 21:20:58.0888 2920 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/09/22 21:20:58.0966 2920 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/22 21:20:59.0028 2920 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/09/22 21:20:59.0075 2920 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/09/22 21:20:59.0137 2920 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/22 21:20:59.0200 2920 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/09/22 21:20:59.0278 2920 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/09/22 21:20:59.0324 2920 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/22 21:20:59.0356 2920 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/22 21:20:59.0418 2920 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/22 21:20:59.0496 2920 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/22 21:20:59.0668 2920 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/09/22 21:20:59.0761 2920 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/22 21:20:59.0824 2920 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/09/22 21:20:59.0917 2920 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/22 21:20:59.0964 2920 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/22 21:21:00.0011 2920 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/22 21:21:00.0073 2920 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/22 21:21:00.0167 2920 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/22 21:21:00.0245 2920 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/09/22 21:21:00.0307 2920 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/09/22 21:21:00.0354 2920 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/22 21:21:00.0416 2920 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/22 21:21:00.0463 2920 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/09/22 21:21:00.0526 2920 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/22 21:21:00.0697 2920 IntcAzAudAddService (bfcd7edc663f513e7c4a0b9400e58c70) C:\Windows\system32\drivers\RTKVHDA.sys
2011/09/22 21:21:00.0838 2920 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/09/22 21:21:00.0900 2920 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/22 21:21:00.0947 2920 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/22 21:21:01.0009 2920 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/09/22 21:21:01.0056 2920 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/09/22 21:21:01.0134 2920 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/09/22 21:21:01.0181 2920 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/09/22 21:21:01.0228 2920 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/22 21:21:01.0337 2920 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/09/22 21:21:01.0384 2920 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/22 21:21:01.0430 2920 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/22 21:21:01.0493 2920 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/22 21:21:01.0540 2920 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/22 21:21:01.0633 2920 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/22 21:21:01.0711 2920 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/22 21:21:01.0774 2920 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/22 21:21:01.0820 2920 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/22 21:21:01.0867 2920 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/22 21:21:01.0930 2920 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/09/22 21:21:01.0992 2920 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
2011/09/22 21:21:02.0117 2920 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/22 21:21:02.0179 2920 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/22 21:21:02.0242 2920 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/09/22 21:21:02.0351 2920 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/22 21:21:02.0429 2920 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/22 21:21:02.0476 2920 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/22 21:21:02.0522 2920 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/09/22 21:21:02.0585 2920 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/09/22 21:21:02.0632 2920 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/22 21:21:02.0694 2920 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/09/22 21:21:02.0741 2920 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/22 21:21:03.0068 2920 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/22 21:21:03.0443 2920 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/22 21:21:03.0552 2920 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/09/22 21:21:03.0646 2920 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/09/22 21:21:03.0708 2920 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/09/22 21:21:03.0770 2920 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/22 21:21:03.0817 2920 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/09/22 21:21:03.0895 2920 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/22 21:21:03.0973 2920 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/22 21:21:04.0020 2920 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/09/22 21:21:04.0082 2920 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/09/22 21:21:04.0145 2920 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/22 21:21:04.0192 2920 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/09/22 21:21:04.0238 2920 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/22 21:21:04.0285 2920 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/09/22 21:21:04.0394 2920 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/22 21:21:04.0488 2920 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/09/22 21:21:04.0550 2920 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/22 21:21:04.0613 2920 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/22 21:21:04.0660 2920 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/22 21:21:04.0706 2920 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/22 21:21:04.0847 2920 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/09/22 21:21:04.0894 2920 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/22 21:21:04.0956 2920 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/22 21:21:05.0081 2920 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/22 21:21:05.0174 2920 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2011/09/22 21:21:05.0221 2920 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/09/22 21:21:05.0284 2920 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/22 21:21:05.0424 2920 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/09/22 21:21:05.0767 2920 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/09/22 21:21:05.0892 2920 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/09/22 21:21:06.0422 2920 nvlddmkm (b0881dda5a8160422561ffab7f0008b1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/22 21:21:06.0656 2920 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/09/22 21:21:06.0719 2920 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/09/22 21:21:06.0797 2920 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/09/22 21:21:06.0844 2920 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/22 21:21:06.0922 2920 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/09/22 21:21:06.0968 2920 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/09/22 21:21:07.0015 2920 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/09/22 21:21:07.0093 2920 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/09/22 21:21:07.0140 2920 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/22 21:21:07.0187 2920 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/22 21:21:07.0234 2920 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/09/22 21:21:07.0296 2920 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/09/22 21:21:07.0483 2920 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/22 21:21:07.0546 2920 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/09/22 21:21:07.0670 2920 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/22 21:21:07.0748 2920 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/22 21:21:07.0826 2920 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/22 21:21:07.0904 2920 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/22 21:21:07.0951 2920 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/22 21:21:07.0998 2920 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/22 21:21:08.0060 2920 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/22 21:21:08.0123 2920 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/22 21:21:08.0185 2920 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/22 21:21:08.0248 2920 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/22 21:21:08.0294 2920 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/22 21:21:08.0372 2920 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/22 21:21:08.0419 2920 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/09/22 21:21:08.0466 2920 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/22 21:21:08.0528 2920 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/22 21:21:08.0575 2920 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/09/22 21:21:08.0638 2920 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/09/22 21:21:08.0794 2920 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/22 21:21:08.0856 2920 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/09/22 21:21:08.0950 2920 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/09/22 21:21:09.0028 2920 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/22 21:21:09.0106 2920 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/22 21:21:09.0184 2920 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/22 21:21:09.0246 2920 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/09/22 21:21:09.0293 2920 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/22 21:21:09.0402 2920 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/22 21:21:09.0433 2920 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/22 21:21:09.0480 2920 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/22 21:21:09.0511 2920 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/22 21:21:09.0589 2920 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/09/22 21:21:09.0636 2920 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/22 21:21:09.0683 2920 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/22 21:21:09.0730 2920 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/09/22 21:21:09.0808 2920 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/09/22 21:21:09.0948 2920 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/09/22 21:21:09.0948 2920 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/09/22 21:21:09.0979 2920 sptd - detected LockedFile.Multi.Generic (1)
2011/09/22 21:21:10.0026 2920 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2011/09/22 21:21:10.0073 2920 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/22 21:21:10.0135 2920 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/22 21:21:10.0213 2920 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/09/22 21:21:10.0291 2920 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/22 21:21:10.0369 2920 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/09/22 21:21:10.0416 2920 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/09/22 21:21:10.0478 2920 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/22 21:21:10.0603 2920 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/09/22 21:21:10.0681 2920 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/22 21:21:10.0775 2920 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/22 21:21:10.0822 2920 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/09/22 21:21:10.0868 2920 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/09/22 21:21:10.0915 2920 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/22 21:21:10.0962 2920 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/22 21:21:11.0087 2920 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/22 21:21:11.0149 2920 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/22 21:21:11.0180 2920 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/22 21:21:11.0243 2920 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/22 21:21:11.0321 2920 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/09/22 21:21:11.0383 2920 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/22 21:21:11.0430 2920 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/22 21:21:11.0508 2920 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/09/22 21:21:11.0555 2920 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/22 21:21:11.0617 2920 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/09/22 21:21:11.0664 2920 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/22 21:21:11.0726 2920 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/22 21:21:11.0773 2920 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/22 21:21:11.0820 2920 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/22 21:21:11.0898 2920 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/22 21:21:11.0945 2920 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/22 21:21:12.0007 2920 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/22 21:21:12.0085 2920 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/22 21:21:12.0179 2920 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/09/22 21:21:12.0226 2920 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/22 21:21:12.0288 2920 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/09/22 21:21:12.0319 2920 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/09/22 21:21:12.0382 2920 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/09/22 21:21:12.0428 2920 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/09/22 21:21:12.0475 2920 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/09/22 21:21:12.0522 2920 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/09/22 21:21:12.0569 2920 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/09/22 21:21:12.0616 2920 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/09/22 21:21:12.0662 2920 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/09/22 21:21:12.0725 2920 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/09/22 21:21:12.0787 2920 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/22 21:21:12.0850 2920 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/09/22 21:21:12.0928 2920 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/22 21:21:12.0990 2920 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/22 21:21:13.0021 2920 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/22 21:21:13.0146 2920 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/09/22 21:21:13.0193 2920 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/22 21:21:13.0333 2920 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/22 21:21:13.0380 2920 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/09/22 21:21:13.0520 2920 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/22 21:21:13.0630 2920 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/22 21:21:13.0723 2920 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/09/22 21:21:13.0786 2920 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/22 21:21:14.0082 2920 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/09/22 21:21:14.0129 2920 MBR (0x1B8) (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk1\DR1
2011/09/22 21:21:14.0191 2920 Boot (0x1200) (ccd3177a71457eb762cf28634128ac37) \Device\Harddisk0\DR0\Partition0
2011/09/22 21:21:14.0222 2920 Boot (0x1200) (9c9e6a8eab04ad9f6070fef280da98f6) \Device\Harddisk0\DR0\Partition1
2011/09/22 21:21:14.0254 2920 Boot (0x1200) (0d6e6dbba5ad5efd6e391b122011cbf6) \Device\Harddisk1\DR1\Partition0
2011/09/22 21:21:14.0269 2920 ================================================================================
2011/09/22 21:21:14.0269 2920 Scan finished
2011/09/22 21:21:14.0269 2920 ================================================================================
2011/09/22 21:21:14.0300 2520 Detected object count: 1
2011/09/22 21:21:14.0300 2520 Actual detected object count: 1
2011/09/22 21:21:24.0440 2520 LockedFile.Multi.Generic(sptd) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-09-22.03 - Admin 22.09.2011  22:28:24.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.959.523 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\newdnswatch
c:\newdnswatch\8BF491C5AB2.exe
c:\newdnswatch\8FB29FA0128EF7E
c:\users\Admin\AppData\Roaming\Help\coredb\storage
c:\users\Admin\AppData\Roaming\Minecraft.exe
c:\users\Admin\AppData\Roaming\Minecraft_Server.exe
c:\users\Admin\AppData\Roaming\server
c:\users\Admin\AppData\Roaming\server\banned-ips.txt
c:\users\Admin\AppData\Roaming\server\banned-players.txt
c:\users\Admin\AppData\Roaming\server\Minecraft_Server.exe
c:\users\Admin\AppData\Roaming\server\ops.txt
c:\users\Admin\AppData\Roaming\server\server.log
c:\users\Admin\AppData\Roaming\server\server.properties
c:\users\Admin\AppData\Roaming\server\white-list.txt
c:\users\Admin\AppData\Roaming\server\world\level.dat
c:\users\Admin\AppData\Roaming\server\world\level.dat_old
c:\users\Admin\AppData\Roaming\server\world\players\balktrex.dat
c:\users\Admin\AppData\Roaming\server\world\players\Gamesplitter.dat
c:\users\Admin\AppData\Roaming\server\world\players\Leo321.dat
c:\users\Admin\AppData\Roaming\server\world\players\Lordhelmchen.dat
c:\users\Admin\AppData\Roaming\server\world\players\Mandarak.dat
c:\users\Admin\AppData\Roaming\server\world\region\r.-1.-1.mcr
c:\users\Admin\AppData\Roaming\server\world\region\r.-1.-2.mcr
c:\users\Admin\AppData\Roaming\server\world\region\r.-1.0.mcr
c:\users\Admin\AppData\Roaming\server\world\region\r.-2.-1.mcr
c:\users\Admin\AppData\Roaming\server\world\region\r.-2.-2.mcr
c:\users\Admin\AppData\Roaming\server\world\region\r.-2.0.mcr
c:\users\Admin\AppData\Roaming\server\world\region\r.0.-1.mcr
c:\users\Admin\AppData\Roaming\server\world\region\r.0.0.mcr
c:\users\Admin\AppData\Roaming\server\world\session.lock
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-22 bis 2011-09-22  ))))))))))))))))))))))))))))))
.
.
2011-09-22 20:38 . 2011-09-22 20:38	--------	d-----w-	c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2011-09-22 20:38 . 2011-09-22 20:38	--------	d-----w-	c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2011-09-22 20:38 . 2011-09-22 20:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-21 19:40 . 2011-09-21 19:40	--------	d-----w-	C:\_OTL
2011-09-19 16:31 . 2011-09-19 16:31	--------	d-----w-	c:\program files\ESET
2011-09-19 14:42 . 2011-09-19 14:42	--------	d-----w-	c:\users\Admin\AppData\Roaming\Malwarebytes
2011-09-19 14:41 . 2011-09-19 14:41	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-19 14:41 . 2011-09-19 16:21	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-09-19 14:41 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-11 09:45 . 2011-09-11 09:45	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2011-09-11 09:14 . 2011-09-11 09:14	--------	d-----w-	c:\program files\Common Files\PocketSoft
2011-09-09 18:33 . 2011-09-09 18:34	--------	d-----w-	c:\users\Admin\AppData\Roaming\Apple Computer
2011-09-09 18:33 . 2011-09-09 18:33	--------	d-----w-	c:\users\Admin\AppData\Local\Apple Computer
2011-09-09 18:32 . 2011-09-09 18:32	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-09-09 18:32 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-09 18:32 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2011-09-09 18:29 . 2011-09-09 18:29	--------	d-----w-	c:\users\Admin\AppData\Local\Apple
2011-09-09 18:29 . 2011-09-09 18:29	--------	d-----w-	c:\program files\Apple Software Update
2011-09-09 18:28 . 2011-09-09 18:28	--------	d-----w-	c:\program files\Bonjour
2011-09-09 18:28 . 2011-09-09 18:31	--------	d-----w-	c:\program files\Common Files\Apple
2011-09-09 18:28 . 2011-09-09 18:28	--------	d-----w-	c:\programdata\Apple
2011-09-05 19:48 . 2011-09-05 19:54	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-28 15:37 . 2011-08-28 15:37	--------	d-----w-	c:\programdata\Ableton
2011-08-28 15:37 . 2011-08-28 15:37	--------	d-----w-	c:\users\Admin\AppData\Roaming\Ableton
2011-08-28 14:46 . 2011-08-28 14:46	--------	d-----w-	c:\program files\Ableton
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-22 19:18 . 2011-07-09 17:46	0	--sh--w-	c:\windows\S421F1A66.tmp
2011-07-29 19:34 . 2011-04-19 09:36	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-29 19:34 . 2011-04-19 09:36	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-07-15 10:49 . 2011-07-28 05:24	313208	----a-w-	c:\windows\system32\TubeFinder.exe
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-07-11 11:20 . 2011-07-11 11:20	8192	----a-r-	c:\users\Admin\AppData\Roaming\Microsoft\Installer\{1B77BC7B-4538-4652-AF33-C201F21BF8F2}\Icon1B77BC7B.exe
2011-07-05 16:37 . 2011-07-05 16:37	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-09-07 14:26 . 2011-04-09 14:31	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-18 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-28 10029672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
R0 ndiu;ndiu;c:\windows\System32\drivers\mkwdob.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Admin\AppData\Local\Temp\GPU-Z.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-18 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-30 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\llxo0yp0.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-5Z3U4G4IZCXEZEWW - c:\newdnswatch\8BF491C5AB2.exe
AddRemove-Local Area Network File Send 2_is1 - c:\program files\Lan.FS\unins000.exe
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\conhost.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskmgr.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-22  22:47:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-22 20:47
.
Vor Suchlauf: 8 Verzeichnis(se), 667.475.525.632 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 667.142.402.048 Bytes frei
.
- - End Of File - - 1B8071250D3D04ADE2242EC52C76D05D
         

--- --- ---

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code: Alles auswählenAufklappen

ATTFilter

File::
c:\windows\System32\drivers\mkwdob.sys

Driver::
ndiu
         

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-09-23.03 - Admin 23.09.2011  17:52:17.2.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.959.423 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Admin\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\System32\drivers\mkwdob.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ndiu
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-23 bis 2011-09-23  ))))))))))))))))))))))))))))))
.
.
2011-09-23 16:04 . 2011-09-23 16:04	--------	d-----w-	c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2011-09-21 19:40 . 2011-09-21 19:40	--------	d-----w-	C:\_OTL
2011-09-19 16:31 . 2011-09-19 16:31	--------	d-----w-	c:\program files\ESET
2011-09-19 14:42 . 2011-09-19 14:42	--------	d-----w-	c:\users\Admin\AppData\Roaming\Malwarebytes
2011-09-19 14:41 . 2011-09-19 14:41	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-19 14:41 . 2011-09-19 16:21	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-09-19 14:41 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-11 09:45 . 2011-09-11 09:45	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2011-09-11 09:14 . 2011-09-11 09:14	--------	d-----w-	c:\program files\Common Files\PocketSoft
2011-09-09 18:33 . 2011-09-09 18:34	--------	d-----w-	c:\users\Admin\AppData\Roaming\Apple Computer
2011-09-09 18:33 . 2011-09-09 18:33	--------	d-----w-	c:\users\Admin\AppData\Local\Apple Computer
2011-09-09 18:32 . 2011-09-09 18:32	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-09-09 18:32 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-09 18:32 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2011-09-09 18:29 . 2011-09-09 18:29	--------	d-----w-	c:\users\Admin\AppData\Local\Apple
2011-09-09 18:29 . 2011-09-09 18:29	--------	d-----w-	c:\program files\Apple Software Update
2011-09-09 18:28 . 2011-09-09 18:28	--------	d-----w-	c:\program files\Bonjour
2011-09-09 18:28 . 2011-09-09 18:31	--------	d-----w-	c:\program files\Common Files\Apple
2011-09-09 18:28 . 2011-09-09 18:28	--------	d-----w-	c:\programdata\Apple
2011-09-05 19:48 . 2011-09-05 19:54	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-28 15:37 . 2011-08-28 15:37	--------	d-----w-	c:\programdata\Ableton
2011-08-28 15:37 . 2011-08-28 15:37	--------	d-----w-	c:\users\Admin\AppData\Roaming\Ableton
2011-08-28 14:46 . 2011-08-28 14:46	--------	d-----w-	c:\program files\Ableton
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-22 19:18 . 2011-07-09 17:46	0	--sh--w-	c:\windows\S421F1A66.tmp
2011-07-29 19:34 . 2011-04-19 09:36	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-29 19:34 . 2011-04-19 09:36	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-07-15 10:49 . 2011-07-28 05:24	313208	----a-w-	c:\windows\system32\TubeFinder.exe
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-07-11 11:20 . 2011-07-11 11:20	8192	----a-r-	c:\users\Admin\AppData\Roaming\Microsoft\Installer\{1B77BC7B-4538-4652-AF33-C201F21BF8F2}\Icon1B77BC7B.exe
2011-07-05 16:37 . 2011-07-05 16:37	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-09-07 14:26 . 2011-04-09 14:31	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-18 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((   SnapShot@2011-09-22_20.41.31   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2011-09-23 16:13	44388              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-09 14:30 . 2011-09-23 16:13	7180              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2627716630-3158059880-397312216-1001_UserData.bin
+ 2011-09-22 19:18 . 2011-09-23 16:11	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-22 19:18 . 2011-09-22 20:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-22 19:18 . 2011-09-23 16:11	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-22 19:18 . 2011-09-22 20:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-15 05:06 . 2011-09-23 13:42	279844              c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-28 10029672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
R3 GPU-Z;GPU-Z;c:\users\Admin\AppData\Local\Temp\GPU-Z.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-18 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-30 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\llxo0yp0.default\
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-23  18:17:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-23 16:17
ComboFix2.txt  2011-09-22 20:47
.
Vor Suchlauf: 11 Verzeichnis(se), 666.735.017.984 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 666.447.929.344 Bytes frei
.
- - End Of File - - DBBE549F37B1F2C2428C4FE6FBCF16C9
         

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:36:08 on 24.09.2011

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 6.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\Windows\system32\AxSWindC.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights 10" - "Nero AG" - C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aglorpod" (aglorpod) - ? - C:\Users\Admin\AppData\Local\Temp\aglorpod.sys  (Hidden registry entry, rootkit activity | File not found)
"auafff93" (auafff93) - "Microsoft Corporation" - C:\Windows\system32\drivers\auafff93.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BrPar" (BrPar) - "Brother Industries Ltd." - C:\Windows\System32\drivers\BrPar.sys
"catchme" (catchme) - ? - C:\Users\Admin\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz135" (cpuz135) - "CPUID" - C:\Windows\system32\drivers\cpuz135_x32.sys
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"GPU-Z" (GPU-Z) - ? - C:\Users\Admin\AppData\Local\Temp\GPU-Z.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"ISO DVD/CD-ROM Device Driver" (ISODrive) - "EZB Systems, Inc." - C:\Program Files\UltraISO\drivers\ISODrive.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"mbr" (mbr) - ? - C:\Users\Admin\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"Nsynas32" (Nsynas32) - ? - C:\Windows\system32\drivers\Nsynas32.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Program Files\UltraISO\isoshell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"HiDownload" - ? - C:\Program Files\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10w.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CloneCDTray" - "SlySoft, Inc." - "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LifeCam" - "Microsoft Corporation" - "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\Wat\WatUX.exe,-601" (WatAdminSvc) - "Microsoft Corporation" - C:\Windows\system32\Wat\WatAdminSvc.exe  (File is exclusively opened, access blocked)
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files\WinPcap\rpcapd.exe
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

--- --- ---

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-15 15:30:00
-----------------------------
15:30:00.558 OS Version: Windows 6.1.7600
15:30:00.558 Number of processors: 1 586 0x7F01
15:30:00.558 ComputerName: ADMIN-PC UserName: Admin
15:30:06.024 Initialize success
15:32:51.184 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006b
15:32:51.199 Disk 0 Vendor: SAMSUNG_ JF10 Size: 152627MB BusType: 3
15:32:51.199 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006c
15:32:51.199 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
15:32:53.227 Disk 1 MBR read successfully
15:32:53.227 Disk 1 MBR scan
15:32:53.227 Disk 1 unknown MBR code
15:32:53.243 Disk 1 scanning sectors +1953523712
15:32:53.290 Disk 1 scanning C:\Windows\system32\drivers
15:32:57.081 Service scanning
15:32:58.843 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:32:59.499 Modules scanning
15:33:29.295 Disk 1 trace - called modules:
15:33:29.326 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x847161f8]<<
15:33:29.841 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85645030]
15:33:29.841 3 CLASSPNP.SYS[8786659e] -> nt!IofCallDriver -> [0x85459df0]
15:33:29.872 5 ACPI.sys[8715f3b2] -> nt!IofCallDriver -> \Device\0000006c[0x854711f8]
15:33:29.872 \Driver\nvstor[0x85468948] -> IRP_MJ_CREATE -> 0x847161f8
15:33:29.887 Scan finished successfully
15:38:26.303 Disk 1 MBR has been saved successfully to "C:\Users\Admin\Documents\MBR.dat"
15:38:26.319 The log file has been saved successfully to "C:\Users\Admin\Documents\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset