Log Analysis and Evaluation: Caught a virus through Flash?

29.11.2011, 19:01   #16
player66
 
Executed
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
File J:\APPInst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Y\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Y\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Y\ not found.
File Y:\SH3Autorun.exe not found.
C:\WINDOWS\system32\cmdcsr.dll moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\kill.exe moved successfully.
C:\WINDOWS\system32\bbeefcfaf6_g.dll moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4068400 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: beast

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: HOE

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36653001 bytes
->FireFox cache emptied: 2454608 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 3302656 bytes
Windows Temp folder emptied: 132754880 bytes
RecycleBin emptied: 186792 bytes

Total Files Cleaned = 171,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11292011_185323

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

29.11.2011, 19:02   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable your virus scanner; it must not interfere with the packing!
2.) Zip the MovedFiles folder in C:\_OTL into a single file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment in this thread!

4.) Let me know once it has worked
5.) Only then switch the virus scanner back on

29.11.2011, 19:06   #18
player66
 
It's up!!

29.11.2011, 19:09   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

29.11.2011, 19:13   #20
player66
 
19:10:42.0859 0396 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:10:43.0390 0396 ============================================================
19:10:43.0390 0396 Current date / time: 2011/11/29 19:10:43.0390
19:10:43.0390 0396 SystemInfo:
19:10:43.0390 0396
19:10:43.0390 0396 OS Version: 5.1.2600 ServicePack: 3.0
19:10:43.0390 0396 Product type: Workstation
19:10:43.0390 0396 ComputerName: BEASTS
19:10:43.0390 0396 UserName: Administrator
19:10:43.0390 0396 Windows directory: C:\WINDOWS
19:10:43.0390 0396 System windows directory: C:\WINDOWS
19:10:43.0390 0396 Processor architecture: Intel x86
19:10:43.0390 0396 Number of processors: 2
19:10:43.0390 0396 Page size: 0x1000
19:10:43.0390 0396 Boot type: Normal boot
19:10:43.0390 0396 ============================================================
19:10:44.0375 0396 Initialize success
19:11:44.0875 3504 ============================================================
19:11:44.0875 3504 Scan started
19:11:44.0875 3504 Mode: Manual; SigCheck; TDLFS;
19:11:44.0875 3504 ============================================================
19:11:45.0390 3504 Abiosdsk - ok
19:11:45.0406 3504 abp480n5 - ok
19:11:45.0437 3504 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:11:47.0015 3504 ACPI - ok
19:11:47.0093 3504 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:11:47.0281 3504 ACPIEC - ok
19:11:47.0296 3504 adpu160m - ok
19:11:47.0328 3504 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:11:47.0515 3504 aec - ok
19:11:47.0609 3504 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:11:47.0812 3504 AFD - ok
19:11:47.0906 3504 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:11:48.0093 3504 agp440 - ok
19:11:48.0109 3504 Aha154x - ok
19:11:48.0125 3504 aic78u2 - ok
19:11:48.0125 3504 aic78xx - ok
19:11:48.0156 3504 AliIde - ok
19:11:48.0171 3504 amsint - ok
19:11:48.0187 3504 asc - ok
19:11:48.0203 3504 asc3350p - ok
19:11:48.0218 3504 asc3550 - ok
19:11:48.0250 3504 Aspi32 (eb62fa6d7da4e774e47d376e4d19ca5f) C:\WINDOWS\system32\drivers\aspi32.sys
19:11:48.0296 3504 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
19:11:48.0296 3504 Aspi32 - detected UnsignedFile.Multi.Generic (1)
19:11:48.0375 3504 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:11:48.0546 3504 AsyncMac - ok
19:11:48.0593 3504 atapi (95b858761a00e1d4f81f79a0da019aca) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:11:48.0593 3504 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 95b858761a00e1d4f81f79a0da019aca
19:11:48.0593 3504 atapi ( LockedFile.Multi.Generic ) - warning
19:11:48.0593 3504 atapi - detected LockedFile.Multi.Generic (1)
19:11:48.0593 3504 Atdisk - ok
19:11:48.0781 3504 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:11:49.0281 3504 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
19:11:49.0281 3504 ati2mtag - detected UnsignedFile.Multi.Generic (1)
19:11:49.0390 3504 ATITool (010a0dc531b5947c2b2d7bd004de8e3f) C:\WINDOWS\system32\DRIVERS\ATITool.sys
19:11:49.0421 3504 ATITool ( UnsignedFile.Multi.Generic ) - warning
19:11:49.0421 3504 ATITool - detected UnsignedFile.Multi.Generic (1)
19:11:49.0500 3504 atitray (6e51838f65c4f5264af489773a53d678) C:\Programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys
19:11:49.0593 3504 atitray ( UnsignedFile.Multi.Generic ) - warning
19:11:49.0593 3504 atitray - detected UnsignedFile.Multi.Generic (1)
19:11:49.0671 3504 atksgt (5b80e84af6b02ecab72dae9afee06309) C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:11:49.0765 3504 atksgt ( UnsignedFile.Multi.Generic ) - warning
19:11:49.0765 3504 atksgt - detected UnsignedFile.Multi.Generic (1)
19:11:49.0781 3504 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:11:49.0968 3504 Atmarpc - ok
19:11:50.0046 3504 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:11:50.0203 3504 audstub - ok
19:11:50.0250 3504 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:11:50.0421 3504 Beep - ok
19:11:50.0531 3504 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:11:50.0718 3504 cbidf2k - ok
19:11:50.0734 3504 cd20xrnt - ok
19:11:50.0765 3504 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:11:50.0968 3504 Cdaudio - ok
19:11:51.0046 3504 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:11:51.0218 3504 Cdfs - ok
19:11:51.0250 3504 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:11:51.0453 3504 Cdrom - ok
19:11:51.0500 3504 Changer - ok
19:11:51.0546 3504 CmdIde - ok
19:11:51.0562 3504 Cpqarray - ok
19:11:51.0625 3504 ctac32k (44f0aa32c024f18aff8bb31fa91c9c88) C:\WINDOWS\system32\drivers\ctac32k.sys
19:11:51.0859 3504 ctac32k - ok
19:11:51.0937 3504 ctaud2k (528f97597fae050ec5c3ba05f7caff88) C:\WINDOWS\system32\drivers\ctaud2k.sys
19:11:52.0031 3504 ctaud2k - ok
19:11:52.0062 3504 ctdvda2k (18779d6877a2f4ff2f23193fee44b095) C:\WINDOWS\system32\drivers\ctdvda2k.sys
19:11:52.0390 3504 ctdvda2k - ok
19:11:52.0453 3504 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
19:11:52.0625 3504 ctljystk - ok
19:11:52.0656 3504 ctprxy2k (a07820a06bfdbffa1d207c7778205a4d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
19:11:52.0703 3504 ctprxy2k - ok
19:11:52.0781 3504 ctsfm2k (d29b3eeb5155a06b94f8d75c126a9c0c) C:\WINDOWS\system32\drivers\ctsfm2k.sys
19:11:52.0859 3504 ctsfm2k - ok
19:11:52.0875 3504 dac2w2k - ok
19:11:52.0890 3504 dac960nt - ok
19:11:52.0906 3504 dgderdrv - ok
19:11:52.0921 3504 dg_ssudbus - ok
19:11:52.0953 3504 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:11:53.0140 3504 Disk - ok
19:11:53.0234 3504 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
19:11:53.0468 3504 dmboot - ok
19:11:53.0546 3504 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
19:11:53.0750 3504 dmio - ok
19:11:53.0781 3504 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:11:53.0953 3504 dmload - ok
19:11:54.0031 3504 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:11:54.0187 3504 DMusic - ok
19:11:54.0234 3504 dpti2o - ok
19:11:54.0265 3504 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:11:54.0421 3504 drmkaud - ok
19:11:54.0500 3504 E1000 (c50a32e88251e2bfc2a3721a4078df0e) C:\WINDOWS\system32\DRIVERS\e1000325.sys
19:11:54.0687 3504 E1000 - ok
19:11:54.0796 3504 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
19:11:55.0031 3504 emu10k - ok
19:11:55.0046 3504 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
19:11:55.0234 3504 emu10k1 - ok
19:11:55.0312 3504 emupia (39fbced3e762b85846b3da494fcd33fe) C:\WINDOWS\system32\drivers\emupia2k.sys
19:11:55.0390 3504 emupia - ok
19:11:55.0468 3504 EverestDriver (dd32808d644dff1a1770fadf8c12686b) C:\Programme\EVEREST\kerneld.wnt
19:11:55.0515 3504 EverestDriver ( UnsignedFile.Multi.Generic ) - warning
19:11:55.0515 3504 EverestDriver - detected UnsignedFile.Multi.Generic (1)
19:11:55.0609 3504 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:11:55.0796 3504 Fastfat - ok
19:11:55.0875 3504 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:11:56.0046 3504 Fdc - ok
19:11:56.0078 3504 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
19:11:56.0234 3504 Fips - ok
19:11:56.0312 3504 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:11:56.0453 3504 Flpydisk - ok
19:11:56.0500 3504 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:11:56.0671 3504 FltMgr - ok
19:11:56.0703 3504 FsUsbExDisk - ok
19:11:56.0734 3504 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:11:56.0921 3504 Fs_Rec - ok
19:11:56.0968 3504 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:11:57.0171 3504 Ftdisk - ok
19:11:57.0218 3504 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:11:57.0390 3504 gameenum - ok
19:11:57.0453 3504 GDBehave (1b519753da1e7e51f37001e23f1bb045) C:\WINDOWS\system32\drivers\GDBehave.sys
19:11:57.0531 3504 GDBehave - ok
19:11:57.0609 3504 GDMnIcpt (cd58774324a78bba15b89c35bed81593) C:\WINDOWS\system32\drivers\MiniIcpt.sys
19:11:57.0687 3504 GDMnIcpt - ok
19:11:57.0765 3504 GDTdiInterceptor (564777071576ce55b9204a02ec8fd645) C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
19:11:57.0796 3504 GDTdiInterceptor - ok
19:11:57.0859 3504 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
19:11:57.0921 3504 GEARAspiWDM - ok
19:11:57.0984 3504 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
19:11:58.0046 3504 ggflt - ok
19:11:58.0093 3504 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
19:11:58.0156 3504 ggsemc - ok
19:11:58.0203 3504 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:11:58.0359 3504 Gpc - ok
19:11:58.0421 3504 GRD (6a317ad9a2d6c9612d34b692084ea6f8) C:\WINDOWS\system32\drivers\GRD.sys
19:11:58.0453 3504 GRD - ok
19:11:58.0500 3504 ha10kx2k (42682170cd771d669a40925989f6e488) C:\WINDOWS\system32\drivers\ha10kx2k.sys
19:11:58.0687 3504 ha10kx2k - ok
19:11:58.0765 3504 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
19:11:58.0828 3504 hamachi - ok
19:11:58.0843 3504 hap16v2k (d2fe992041527ef54e438a3fc82d3b23) C:\WINDOWS\system32\drivers\hap16v2k.sys
19:11:58.0937 3504 hap16v2k - ok
19:11:59.0031 3504 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:11:59.0187 3504 hidusb - ok
19:11:59.0234 3504 HookCentre (f60c377c72bb24f5212ff994420f511f) C:\WINDOWS\system32\drivers\HookCentre.sys
19:11:59.0312 3504 HookCentre - ok
19:11:59.0375 3504 hpn - ok
19:11:59.0406 3504 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:11:59.0515 3504 HTTP - ok
19:11:59.0593 3504 i2omgmt - ok
19:11:59.0609 3504 i2omp - ok
19:11:59.0656 3504 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:11:59.0828 3504 i8042prt - ok
19:11:59.0859 3504 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:12:00.0031 3504 Imapi - ok
19:12:00.0109 3504 InCDFs - ok
19:12:00.0125 3504 InCDPass - ok
19:12:00.0140 3504 InCDRm - ok
19:12:00.0156 3504 ini910u - ok
19:12:00.0171 3504 IntelIde - ok
19:12:00.0203 3504 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:12:00.0359 3504 intelppm - ok
19:12:00.0390 3504 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:12:00.0546 3504 Ip6Fw - ok
19:12:00.0640 3504 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:12:00.0828 3504 IpFilterDriver - ok
19:12:00.0843 3504 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:12:01.0015 3504 IpInIp - ok
19:12:01.0109 3504 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:12:01.0265 3504 IpNat - ok
19:12:01.0296 3504 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:12:01.0453 3504 IPSec - ok
19:12:01.0484 3504 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:12:01.0671 3504 IRENUM - ok
19:12:01.0750 3504 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:12:01.0921 3504 isapnp - ok
19:12:01.0937 3504 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:12:02.0093 3504 Kbdclass - ok
19:12:02.0125 3504 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:12:02.0265 3504 kbdhid - ok
19:12:02.0359 3504 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:12:02.0531 3504 kmixer - ok
19:12:02.0562 3504 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:12:02.0718 3504 KSecDD - ok
19:12:02.0890 3504 lbrtfdc - ok
19:12:03.0015 3504 LGDDCDevice (9dcb9d9bdb7e3c0f66f86ee09a392cbb) C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys
19:12:03.0140 3504 LGDDCDevice ( UnsignedFile.Multi.Generic ) - warning
19:12:03.0140 3504 LGDDCDevice - detected UnsignedFile.Multi.Generic (1)
19:12:03.0265 3504 LGII2CDevice (21a62a7a95b1905634e7c12e5158ec32) C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys
19:12:03.0406 3504 LGII2CDevice ( UnsignedFile.Multi.Generic ) - warning
19:12:03.0406 3504 LGII2CDevice - detected UnsignedFile.Multi.Generic (1)
19:12:03.0640 3504 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:12:03.0718 3504 lirsgt ( UnsignedFile.Multi.Generic ) - warning
19:12:03.0718 3504 lirsgt - detected UnsignedFile.Multi.Generic (1)
19:12:03.0984 3504 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
19:12:04.0109 3504 MBAMProtector - ok
19:12:04.0296 3504 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\WINDOWS\System32\mbmiodrvr.sys
19:12:04.0437 3504 mbmiodrvr ( UnsignedFile.Multi.Generic ) - warning
19:12:04.0437 3504 mbmiodrvr - detected UnsignedFile.Multi.Generic (1)
19:12:04.0531 3504 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:12:04.0703 3504 mnmdd - ok
19:12:04.0734 3504 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
19:12:04.0906 3504 Modem - ok
19:12:04.0984 3504 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:12:05.0140 3504 Mouclass - ok
19:12:05.0156 3504 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:12:05.0328 3504 mouhid - ok
19:12:05.0343 3504 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:12:05.0515 3504 MountMgr - ok
19:12:05.0593 3504 mraid35x - ok
19:12:05.0656 3504 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:12:05.0843 3504 MRxDAV - ok
19:12:05.0937 3504 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:12:06.0156 3504 MRxSmb - ok
19:12:06.0250 3504 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:12:06.0406 3504 Msfs - ok
19:12:06.0437 3504 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:12:06.0609 3504 MSKSSRV - ok
19:12:06.0687 3504 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:12:06.0859 3504 MSPCLOCK - ok
19:12:06.0890 3504 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:12:07.0046 3504 MSPQM - ok
19:12:07.0125 3504 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:12:07.0281 3504 mssmbios - ok
19:12:07.0312 3504 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:12:07.0406 3504 Mup - ok
19:12:07.0484 3504 NAL (540b8a901d21dac7fd9b3838bb0d741e) C:\WINDOWS\system32\Drivers\iqvw32.sys
19:12:07.0562 3504 NAL ( UnsignedFile.Multi.Generic ) - warning
19:12:07.0562 3504 NAL - detected UnsignedFile.Multi.Generic (1)
19:12:07.0671 3504 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:12:07.0859 3504 NDIS - ok
19:12:07.0937 3504 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:12:08.0015 3504 NdisTapi - ok
19:12:08.0062 3504 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:12:08.0218 3504 Ndisuio - ok
19:12:08.0281 3504 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:12:08.0437 3504 NdisWan - ok
19:12:08.0484 3504 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:12:08.0593 3504 NDProxy - ok
19:12:08.0671 3504 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:12:08.0828 3504 NetBIOS - ok
19:12:08.0859 3504 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:12:09.0031 3504 NetBT - ok
19:12:09.0140 3504 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
19:12:09.0296 3504 nm - ok
19:12:09.0343 3504 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:12:09.0500 3504 Npfs - ok
19:12:09.0625 3504 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys
19:12:09.0671 3504 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
19:12:09.0671 3504 NPF_devolo - detected UnsignedFile.Multi.Generic (1)
19:12:09.0718 3504 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:12:09.0921 3504 Ntfs - ok
19:12:10.0000 3504 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:12:10.0171 3504 Null - ok
19:12:10.0203 3504 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:12:10.0359 3504 NwlnkFlt - ok
19:12:10.0437 3504 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:12:10.0609 3504 NwlnkFwd - ok
19:12:10.0671 3504 ossrv (64631723b13cbcc153294347535844be) C:\WINDOWS\system32\drivers\ctoss2k.sys
19:12:10.0765 3504 ossrv - ok
19:12:10.0843 3504 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
19:12:11.0000 3504 Parport - ok
19:12:11.0031 3504 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:12:11.0203 3504 PartMgr - ok
19:12:11.0265 3504 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:12:11.0437 3504 ParVdm - ok
19:12:11.0468 3504 pccsmcfd - ok
19:12:11.0500 3504 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
19:12:11.0671 3504 PCI - ok
19:12:11.0718 3504 PCIDump - ok
19:12:11.0750 3504 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:12:11.0937 3504 PCIIde - ok
19:12:11.0968 3504 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:12:12.0125 3504 Pcmcia - ok
19:12:12.0203 3504 PDCOMP - ok
19:12:12.0218 3504 PDFRAME - ok
19:12:12.0234 3504 PDRELI - ok
19:12:12.0250 3504 PDRFRAME - ok
19:12:12.0265 3504 perc2 - ok
19:12:12.0281 3504 perc2hib - ok
19:12:12.0312 3504 PfModNT (b293f05ad9120b0232c28945c1e98cd0) C:\WINDOWS\System32\PfModNT.sys
19:12:12.0343 3504 PfModNT ( UnsignedFile.Multi.Generic ) - warning
19:12:12.0343 3504 PfModNT - detected UnsignedFile.Multi.Generic (1)
19:12:12.0375 3504 PLCND532 (cf5aa091b8ba5aee3f3adb310b9f73cb) C:\WINDOWS\system32\Drivers\PLCND532.sys
19:12:12.0453 3504 PLCND532 - ok
19:12:12.0546 3504 Point32 (2e3394c8ebf31a9b4f0a531eb5cc7bc7) C:\WINDOWS\system32\DRIVERS\point32.sys
19:12:12.0609 3504 Point32 - ok
19:12:12.0625 3504 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:12:12.0796 3504 PptpMiniport - ok
19:12:12.0875 3504 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
19:12:13.0046 3504 Processor - ok
19:12:13.0078 3504 prodrv06 (09921a58b4278bc16efa91a8fe480c50) C:\WINDOWS\System32\drivers\prodrv06.sys
19:12:13.0140 3504 prodrv06 ( UnsignedFile.Multi.Generic ) - warning
19:12:13.0140 3504 prodrv06 - detected UnsignedFile.Multi.Generic (1)
19:12:13.0218 3504 prohlp02 (97184f49aa0733f6eea28ada265ba8da) C:\WINDOWS\system32\drivers\prohlp02.sys
19:12:13.0359 3504 prohlp02 ( UnsignedFile.Multi.Generic ) - warning
19:12:13.0359 3504 prohlp02 - detected UnsignedFile.Multi.Generic (1)
19:12:13.0390 3504 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
19:12:13.0437 3504 prosync1 ( UnsignedFile.Multi.Generic ) - warning
19:12:13.0437 3504 prosync1 - detected UnsignedFile.Multi.Generic (1)
19:12:13.0531 3504 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:12:13.0718 3504 Ptilink - ok
19:12:13.0750 3504 PWSYSDRV (57ba9e2a52e6665be919c83e468a54ad) C:\WINDOWS\System32\drivers\PWSYSDRV.sys
19:12:13.0781 3504 PWSYSDRV ( UnsignedFile.Multi.Generic ) - warning
19:12:13.0781 3504 PWSYSDRV - detected UnsignedFile.Multi.Generic (1)
19:12:13.0812 3504 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
19:12:13.0875 3504 PxHelp20 - ok
19:12:13.0937 3504 ql1080 - ok
19:12:13.0953 3504 Ql10wnt - ok
19:12:13.0968 3504 ql12160 - ok
19:12:13.0984 3504 ql1240 - ok
19:12:14.0000 3504 ql1280 - ok
19:12:14.0031 3504 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:12:14.0203 3504 RasAcd - ok
19:12:14.0250 3504 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:12:14.0406 3504 Rasl2tp - ok
19:12:14.0484 3504 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:12:14.0656 3504 RasPppoe - ok
19:12:14.0687 3504 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:12:14.0875 3504 Raspti - ok
19:12:14.0953 3504 rbeabs (99159e3ef20a4792aefe4115e8ad0957) C:\WINDOWS\system32\DRIVERS\rbeabs.sys
19:12:15.0046 3504 rbeabs ( UnsignedFile.Multi.Generic ) - warning
19:12:15.0046 3504 rbeabs - detected UnsignedFile.Multi.Generic (1)
19:12:15.0062 3504 rbeaprt (fb228cd598b7686e98fbf7bfb55666eb) C:\WINDOWS\System32\Drivers\rbeaprt.sys
19:12:15.0125 3504 rbeaprt ( UnsignedFile.Multi.Generic ) - warning
19:12:15.0125 3504 rbeaprt - detected UnsignedFile.Multi.Generic (1)
19:12:15.0218 3504 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:12:15.0390 3504 Rdbss - ok
19:12:15.0421 3504 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:12:15.0578 3504 RDPCDD - ok
19:12:15.0703 3504 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:12:15.0906 3504 rdpdr - ok
19:12:15.0953 3504 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:12:16.0062 3504 RDPWD - ok
19:12:16.0156 3504 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:12:16.0312 3504 redbook - ok
19:12:16.0359 3504 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:12:16.0406 3504 rspndr ( UnsignedFile.Multi.Generic ) - warning
19:12:16.0406 3504 rspndr - detected UnsignedFile.Multi.Generic (1)
19:12:16.0515 3504 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
19:12:16.0578 3504 s0016bus - ok
19:12:16.0625 3504 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
19:12:16.0687 3504 s0016mdfl - ok
19:12:16.0703 3504 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
19:12:16.0796 3504 s0016mdm - ok
19:12:16.0875 3504 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
19:12:16.0921 3504 s0016mgmt - ok
19:12:16.0968 3504 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
19:12:17.0000 3504 s0016nd5 - ok
19:12:17.0093 3504 s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
19:12:17.0171 3504 s0016obex - ok
19:12:17.0218 3504 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
19:12:17.0265 3504 s0016unic - ok
19:12:17.0359 3504 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\WINDOWS\system32\DRIVERS\s0017bus.sys
19:12:17.0421 3504 s0017bus - ok
19:12:17.0453 3504 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
19:12:17.0500 3504 s0017mdfl - ok
19:12:17.0515 3504 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\WINDOWS\system32\DRIVERS\s0017mdm.sys
19:12:17.0593 3504 s0017mdm - ok
19:12:17.0687 3504 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
19:12:17.0765 3504 s0017mgmt - ok
19:12:17.0796 3504 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\WINDOWS\system32\DRIVERS\s0017nd5.sys
19:12:17.0859 3504 s0017nd5 - ok
19:12:17.0937 3504 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\WINDOWS\system32\DRIVERS\s0017obex.sys
19:12:17.0984 3504 s0017obex - ok
19:12:18.0031 3504 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\WINDOWS\system32\DRIVERS\s0017unic.sys
19:12:18.0109 3504 s0017unic - ok
19:12:18.0218 3504 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
19:12:18.0250 3504 SE27bus ( UnsignedFile.Multi.Generic ) - warning
19:12:18.0250 3504 SE27bus - detected UnsignedFile.Multi.Generic (1)
19:12:18.0265 3504 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
19:12:18.0343 3504 SE27mdfl ( UnsignedFile.Multi.Generic ) - warning
19:12:18.0343 3504 SE27mdfl - detected UnsignedFile.Multi.Generic (1)
19:12:18.0375 3504 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
19:12:18.0421 3504 SE27mdm ( UnsignedFile.Multi.Generic ) - warning
19:12:18.0421 3504 SE27mdm - detected UnsignedFile.Multi.Generic (1)
19:12:18.0500 3504 SE27mgmt (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
19:12:18.0578 3504 SE27mgmt ( UnsignedFile.Multi.Generic ) - warning
19:12:18.0578 3504 SE27mgmt - detected UnsignedFile.Multi.Generic (1)
19:12:18.0609 3504 se27nd5 (bb30139683bbf3ee89ec931393d9335c) C:\WINDOWS\system32\DRIVERS\se27nd5.sys
19:12:18.0656 3504 se27nd5 ( UnsignedFile.Multi.Generic ) - warning
19:12:18.0656 3504 se27nd5 - detected UnsignedFile.Multi.Generic (1)
19:12:18.0750 3504 SE27obex (5da6ff71e94b9134ddd094ebb09f05e6) C:\WINDOWS\system32\DRIVERS\SE27obex.sys
19:12:18.0812 3504 SE27obex ( UnsignedFile.Multi.Generic ) - warning
19:12:18.0812 3504 SE27obex - detected UnsignedFile.Multi.Generic (1)
19:12:18.0843 3504 se27unic (4d54a9d7c22157ab3d2442e8bcf5ecd2) C:\WINDOWS\system32\DRIVERS\se27unic.sys
19:12:18.0921 3504 se27unic ( UnsignedFile.Multi.Generic ) - warning
19:12:18.0921 3504 se27unic - detected UnsignedFile.Multi.Generic (1)
19:12:19.0000 3504 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:12:19.0156 3504 Secdrv - ok
19:12:19.0203 3504 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
19:12:19.0265 3504 seehcri - ok
19:12:19.0359 3504 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:12:19.0515 3504 serenum - ok
19:12:19.0546 3504 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
19:12:19.0703 3504 Serial - ok
19:12:19.0796 3504 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
19:12:19.0859 3504 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
19:12:19.0859 3504 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
19:12:19.0906 3504 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
19:12:19.0953 3504 sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
19:12:19.0953 3504 sfhlp01 - detected UnsignedFile.Multi.Generic (1)
19:12:20.0031 3504 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
19:12:20.0078 3504 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
19:12:20.0078 3504 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
19:12:20.0109 3504 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:12:20.0265 3504 Sfloppy - ok
19:12:20.0296 3504 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
19:12:20.0484 3504 sfman - ok
19:12:20.0562 3504 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys
19:12:20.0671 3504 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
19:12:20.0671 3504 sfsync02 - detected UnsignedFile.Multi.Generic (1)
19:12:20.0687 3504 Simbad - ok
19:12:20.0718 3504 snapman (9bae383d3116a545758d45d0b994ba32) C:\WINDOWS\system32\DRIVERS\snapman.sys
19:12:20.0796 3504 snapman ( UnsignedFile.Multi.Generic ) - warning
19:12:20.0796 3504 snapman - detected UnsignedFile.Multi.Generic (1)
19:12:20.0859 3504 Sparrow - ok
19:12:20.0906 3504 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:12:21.0078 3504 splitter - ok
19:12:21.0093 3504 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
19:12:21.0250 3504 sr - ok
19:12:21.0343 3504 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:12:21.0468 3504 Srv - ok
19:12:21.0484 3504 StarOpen - ok
19:12:21.0515 3504 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:12:21.0656 3504 swenum - ok
19:12:21.0750 3504 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:12:21.0890 3504 swmidi - ok
19:12:21.0906 3504 symc810 - ok
19:12:21.0921 3504 symc8xx - ok
19:12:21.0937 3504 sym_hi - ok
19:12:21.0953 3504 sym_u3 - ok
19:12:21.0968 3504 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:12:22.0125 3504 sysaudio - ok
19:12:22.0171 3504 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
19:12:22.0218 3504 tbhsd - ok
19:12:22.0312 3504 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:12:22.0468 3504 Tcpip - ok
19:12:22.0546 3504 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:12:22.0703 3504 TDPIPE - ok
19:12:22.0734 3504 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:12:22.0875 3504 TDTCP - ok
19:12:22.0906 3504 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
19:12:23.0000 3504 teamviewervpn - ok
19:12:23.0078 3504 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:12:23.0234 3504 TermDD - ok
19:12:23.0265 3504 tifsfilter (38e6ee805f15f829982dceec07a70b2d) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
19:12:23.0312 3504 tifsfilter ( UnsignedFile.Multi.Generic ) - warning
19:12:23.0312 3504 tifsfilter - detected UnsignedFile.Multi.Generic (1)
19:12:23.0328 3504 timounter (727e235ab6dcc4dd4fe023366b7da2d3) C:\WINDOWS\system32\DRIVERS\timntr.sys
19:12:23.0421 3504 timounter ( UnsignedFile.Multi.Generic ) - warning
19:12:23.0421 3504 timounter - detected UnsignedFile.Multi.Generic (1)
19:12:23.0500 3504 TosIde - ok
19:12:23.0531 3504 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:12:23.0703 3504 Udfs - ok
19:12:23.0703 3504 ultra - ok
19:12:23.0750 3504 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:12:23.0937 3504 Update - ok
19:12:24.0031 3504 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:12:24.0187 3504 usbccgp - ok
19:12:24.0218 3504 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:12:24.0375 3504 usbhub - ok
19:12:24.0453 3504 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:12:24.0593 3504 usbscan - ok
19:12:24.0640 3504 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:12:24.0781 3504 USBSTOR - ok
19:12:24.0812 3504 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:12:24.0953 3504 usbuhci - ok
19:12:25.0031 3504 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:12:25.0171 3504 VgaSave - ok
19:12:25.0187 3504 ViaIde - ok
19:12:25.0218 3504 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
19:12:25.0375 3504 VolSnap - ok
19:12:25.0453 3504 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:12:25.0609 3504 Wanarp - ok
19:12:25.0687 3504 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:12:25.0796 3504 Wdf01000 - ok
19:12:25.0812 3504 WDICA - ok
19:12:25.0843 3504 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:12:26.0000 3504 wdmaud - ok
19:12:26.0078 3504 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
19:12:26.0156 3504 WinUSB - ok
19:12:26.0218 3504 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
19:12:26.0312 3504 WpdUsb - ok
19:12:26.0390 3504 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:12:26.0484 3504 WudfPf - ok
19:12:26.0531 3504 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:12:26.0625 3504 WudfRd - ok
19:12:26.0671 3504 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:12:26.0859 3504 \Device\Harddisk0\DR0 - ok
19:12:26.0875 3504 Boot (0x1200) (f11aed049801ccbc4a09c01d67592c85) \Device\Harddisk0\DR0\Partition0
19:12:26.0875 3504 \Device\Harddisk0\DR0\Partition0 - ok
19:12:26.0890 3504 Boot (0x1200) (a62c70a31b240f859f20e75fb91a5783) \Device\Harddisk0\DR0\Partition1
19:12:26.0890 3504 \Device\Harddisk0\DR0\Partition1 - ok
19:12:26.0906 3504 ============================================================
19:12:26.0906 3504 Scan finished
19:12:26.0906 3504 ============================================================
19:12:27.0015 0896 Detected object count: 35
19:12:27.0015 0896 Actual detected object count: 35
19:12:43.0625 0896 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 atapi ( LockedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 atitray ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 atitray ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 EverestDriver ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 EverestDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 LGDDCDevice ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 LGDDCDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 LGII2CDevice ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 LGII2CDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 mbmiodrvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 mbmiodrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0625 0896 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0625 0896 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0640 0896 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0640 0896 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0640 0896 prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0640 0896 prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0640 0896 prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0640 0896 prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0640 0896 prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0640 0896 prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0656 0896 PWSYSDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0656 0896 PWSYSDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0656 0896 rbeabs ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0656 0896 rbeabs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0656 0896 rbeaprt ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0656 0896 rbeaprt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0656 0896 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0656 0896 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0656 0896 SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0656 0896 SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0656 0896 SE27mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0656 0896 SE27mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0656 0896 SE27mdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0656 0896 SE27mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0671 0896 SE27mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0671 0896 SE27mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0671 0896 se27nd5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0671 0896 se27nd5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0671 0896 SE27obex ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0671 0896 SE27obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0671 0896 se27unic ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0671 0896 se27unic ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0671 0896 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0671 0896 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0671 0896 sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0671 0896 sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0687 0896 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0687 0896 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0687 0896 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0687 0896 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0687 0896 snapman ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0687 0896 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0687 0896 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0687 0896 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:12:43.0687 0896 timounter ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:43.0687 0896 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip


29.11.2011, 19:17   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

29.11.2011, 19:18   #22
player66

Is there an infection, or are we still searching at the moment?

29.11.2011, 19:20   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That is exactly what I am trying to find out right now => analysis
__________________
Please always post log files in CODE tags

29.11.2011, 19:45   #24
player66

Combofix Logfile:
Code:
ComboFix 11-11-29.04 - Administrator 29.11.2011  19:27:01.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1022.583 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: G Data AntiVirus 2012 *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\wget.exe
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\beast\cookies.sqlite
c:\windows\CSC\d6
c:\windows\daemon.dll
c:\windows\system32\H
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\usmt\migwiz_a.exe
.
Infizierte Kopie von c:\windows\system32\kernel32.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-28 bis 2011-11-29  ))))))))))))))))))))))))))))))
.
.
2011-11-29 17:53 . 2011-11-29 17:53	--------	d-----w-	C:\_OTL
2011-11-26 19:16 . 2011-11-26 19:16	--------	d-----w-	c:\programme\ESET
2011-11-26 17:24 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-26 17:24 . 2011-11-26 17:24	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-11-22 12:27 . 2011-11-22 12:28	--------	d-----w-	c:\dokumente und einstellungen\beast\startupCache
2011-11-07 18:15 . 2011-10-13 01:57	212472	----a-w-	c:\programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\Components\AVKWebFilterFF6.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 18:05 . 2011-11-29 18:04	104904	----a-w-	C:\_OTL.zip
2011-11-25 16:27 . 2011-05-20 17:34	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 18:15 . 2010-12-27 22:06	79992	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2011-11-07 18:15 . 2010-12-27 22:06	40568	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2011-11-07 18:15 . 2010-12-27 22:06	40440	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2011-10-10 14:22 . 2004-10-14 10:19	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2011-06-28 22:24	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-06-28 22:24	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-10-02 08:52 . 2010-12-27 22:07	52216	----a-w-	c:\windows\system32\drivers\GDTdiIcpt.sys
2011-09-28 07:06 . 2004-10-11 18:53	604160	----a-w-	c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59	614912	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-18 11:00	23040	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-08-18 11:00	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2008-11-14 16:55	1859072	----a-w-	c:\windows\system32\win32k.sys
2008-02-07 20:46 . 2008-02-07 20:46	13624	----a-w-	c:\programme\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 . 2008-02-07 20:46	87360	----a-w-	c:\programme\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 . 2008-02-07 20:46	91448	----a-w-	c:\programme\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 . 2008-02-07 20:46	21824	----a-w-	c:\programme\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 . 2008-02-07 20:46	206136	----a-w-	c:\programme\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 . 2008-02-07 20:46	31544	----a-w-	c:\programme\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 . 2008-02-07 20:46	40248	----a-w-	c:\programme\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 . 2007-03-16 16:27	479232	----a-w-	c:\programme\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 . 2007-03-16 16:27	548864	----a-w-	c:\programme\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 . 2007-03-16 16:27	626688	----a-w-	c:\programme\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 . 2007-07-20 11:47	981170	----a-w-	c:\programme\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 . 2008-02-07 20:46	24384	----a-w-	c:\programme\mozilla firefox\plugins\TcpPServ.dll
2011-11-12 21:42 . 2011-06-23 09:37	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2002-08-28 23:27 . !HASH: COULD NOT OPEN FILE !!!!! . 86912 . . [------] . . c:\windows\system32\drivers\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\programme\G Data\AntiVirus\AVKTray\AVKTray.exe" [2011-05-11 923144]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"itype"="c:\programme\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
forteManager.lnk.disabled [2009-10-17 1629]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-1-10 608624]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55	937920	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04	35736	----a-w-	d:\acrobatreader\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-12-15 07:46	976784	----a-w-	c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24	54840	----a-w-	c:\programme\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 10:41	196608	----a-w-	c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 04:07	69632	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-06-24 06:54	20880	----a-w-	c:\programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 21:32	61440	----a-w-	c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06	254696	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="d:\nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="d:\acrobatreader\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24005:TCP"= 24005:TCP:*:Disabled:BitComet 24005 TCP
"24005:UDP"= 24005:UDP:*:Disabled:BitComet 24005 UDP
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [27.12.2010 23:06 40440]
R0 rbeabs;rbeabs;c:\windows\system32\drivers\rbeabs.sys [11.10.2004 19:38 156800]
R1 atitray;atitray;c:\programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [10.07.2008 19:45 17952]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [27.12.2010 23:06 79992]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [03.01.2011 21:29 69112]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [27.12.2010 23:06 40568]
R2 AVKProxy;G Data AntiVirus Proxy;c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [27.08.2010 08:50 1506824]
R2 AVKService;G Data Scheduler;c:\programme\G Data\AntiVirus\AVK\AVKService.exe [27.08.2010 08:50 381448]
R2 AVKWCtl;G Data Dateisystem Wächter;c:\programme\G Data\AntiVirus\AVK\AVKWCtl.exe [27.08.2010 01:04 1554184]
R2 DevoloNetworkService;devolo Network Service;c:\programme\devolo\dlan\devolonetsvc.exe [19.07.2010 19:57 2231616]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [27.12.2010 23:07 52216]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [26.11.2011 18:24 366152]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [10.06.2010 13:32 35840]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [15.10.2004 16:24 17072]
R2 WHSConnector;Windows Home Server-Connectordienst;c:\programme\Windows Home Server\WHSConnector.exe [10.01.2011 13:43 376688]
R3 GDScan;G Data Scanner;c:\programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe [27.08.2010 00:39 457536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.11.2011 18:24 22216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.05.2010 14:26 27632]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys --> c:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programme\EVEREST\kerneld.wnt [30.04.2004 23:00 3584]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17.10.2009 18:07 13224]
S3 LGDDCDevice;LGDDCDevice;c:\programme\LG Soft India\forteManager\bin\I2CDriver.sys [17.10.2009 14:30 14336]
S3 LGII2CDevice;LGII2CDevice;c:\programme\LG Soft India\forteManager\bin\PII2CDriver.sys [17.10.2009 14:30 18432]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [05.03.2008 17:27 26656]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [11.10.2004 22:32 61440]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [17.10.2009 18:07 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [17.10.2009 18:07 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [17.10.2009 18:07 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [17.10.2009 18:07 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [17.10.2009 18:07 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [17.10.2009 18:07 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [17.10.2009 18:07 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [17.10.2009 18:07 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [17.10.2009 18:07 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [17.10.2009 18:07 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [17.10.2009 18:07 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [17.10.2009 18:07 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [17.10.2009 18:07 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [17.10.2009 18:07 109736]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.01.2008 10:12 25088]
S4 rbeaprt;rbeaprt;c:\windows\system32\drivers\rbeaprt.sys [11.10.2004 19:38 5248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02	114688	----a-w-	c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2008-11-24 c:\windows\Tasks\$~$Sys0$.job
- c:\windows\System32\SchedSvc.dll [2005-08-18 05:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-DivX Download Manager - c:\programme\DivX\DivX Plus Web Player\DDmService.exe
AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-29 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programme\EVEREST\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,4b,e3,93,51,4f,27,42,a0,a3,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,4b,e3,93,51,4f,27,42,a0,a3,40,\
.
[HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Kundendienst]
"Order"=hex:08,00,00,00,02,00,00,00,b8,02,00,00,01,00,00,00,04,00,00,00,de,00,
   00,00,00,00,00,00,d0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,be,00,32,\
.
[HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,d7,17,88,a4,fa,15,4c,df,1b,45,e5,fb,97,26,c5,66,1d,67,4d,c7,58,a5,
   7f,c7,98,f9,63,49,61,97,9d,12,42,ea,c2,70,c9,65,59,7e,a5,b5,b4,c1,b8,0e,74,\
"??"=hex:55,10,30,0b,37,2f,bf,d6,b2,68,54,98,20,3f,af,29
.
[HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:4e,e6,97,20,53,8e,6e,49,f4,4b,80,98,98,ce,e7,44,f0,f2,af,c7,bd,
   07,05,7e,f2,0e,a2,c5,b6,65,2a,2c,19,73,45,ea,92,88,b6,ee,7e,3b,97,f8,17,36,\
"rkeysecu"=hex:e7,db,25,85,9d,d9,0c,6b,59,a2,fd,fb,c5,47,90,f8
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1464)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Microsoft IntelliType Pro\dpupdchk.exe
c:\programme\Windows Home Server\WHSTrayApp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-29  19:41:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-29 18:41
.
Vor Suchlauf: 5.083.295.744 Bytes frei
Nach Suchlauf: 4.937.187.328 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 2AC99FA51BEFB1005961ECB578D10A7F
         
--- --- ---

29.11.2011, 20:22   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.

__________________
Please always post log files in CODE tags

29.11.2011, 20:35   #26
player66
 



GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-29 20:35:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS722516VLSA80 rev.V34OA60A
Running: 1sq739id.exe; Driver: C:\WINDOWS\TEMP\fxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            rbeabs.sys (PnP BIOS Extension/ )                                                                            ZwClose [0xF74ADD08]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                            ZwCreateKey [0xF76AA382]
SSDT            rbeabs.sys (PnP BIOS Extension/ )                                                                            ZwCreatePagingFile [0xF74A1A20]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                            ZwDeleteKey [0xF76AA606]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                            ZwDeleteValueKey [0xF76AA628]
SSDT            rbeabs.sys (PnP BIOS Extension/ )                                                                            ZwEnumerateKey [0xF74A24FC]
SSDT            rbeabs.sys (PnP BIOS Extension/ )                                                                            ZwEnumerateValueKey [0xF74ADE00]
SSDT            rbeabs.sys (PnP BIOS Extension/ )                                                                            ZwOpenFile [0xF74A1A60]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                            ZwOpenKey [0xF76AA4C4]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                            ZwOpenProcess [0xF76AA23E]
SSDT            rbeabs.sys (PnP BIOS Extension/ )                                                                            ZwQueryKey [0xF74A251C]
SSDT            rbeabs.sys (PnP BIOS Extension/ )                                                                            ZwQueryValueKey [0xF74ADD56]
SSDT            rbeabs.sys (PnP BIOS Extension/ )                                                                            ZwSetSystemPowerState [0xF74AD230]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                            ZwSetValueKey [0xF76AA5D8]

---- Kernel code sections - GMER 1.0.15 ----

?               Combo-Fix.sys                                                                                                Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                     section is writeable [0xF6E21000, 0x1C5D38, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                       section is writeable [0xA7C6F300, 0x22020, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                       section is writeable [0xF78E8300, 0x1B7E, 0xE8000020]
?               C:\ComboFix\catchme.sys                                                                                      Das System kann den angegebenen Pfad nicht finden. !
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                   Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Mozilla Firefox\firefox.exe[3152] ntdll.dll!LdrLoadDll                                          7C92632D 5 Bytes  JMP 01262EC0 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Fastfat \FatCdrom                                                                                8470D8C8
Device          \Driver\Tcpip \Device\Ip                                                                                     GDTdiIcpt.sys (G Data Software AG)
Device          \Driver\Tcpip \Device\Tcp                                                                                    GDTdiIcpt.sys (G Data Software AG)
Device          \Driver\prodrv06 \Device\ProDrv06                                                                            E1A19C30

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                       snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\Cdrom \Device\CdRom0                                                                                 86A0B438
Device          \FileSystem\Rdbss \Device\FsWrap                                                                             85B6EDB8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17                                                                 86A13770
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                  86A13770
Device          \Driver\atapi \Device\Ide\IdePort0                                                                           86A13770
Device          \Driver\atapi \Device\Ide\IdePort1                                                                           86A13770
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f                                                                  86A13770
Device          \Driver\Cdrom \Device\CdRom1                                                                                 86A0B438
Device          \Driver\prohlp02 \Device\ProHlp02                                                                            E180F710
Device          \FileSystem\Srv \Device\LanmanServer                                                                         847C23F8
Device          \Driver\Tcpip \Device\Udp                                                                                    GDTdiIcpt.sys (G Data Software AG)
Device          \Driver\Tcpip \Device\RawIp                                                                                  GDTdiIcpt.sys (G Data Software AG)
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                            84E96190
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                            GDTdiIcpt.sys (G Data Software AG)
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                  84E96190
Device          \FileSystem\Npfs \Device\NamedPipe                                                                           858CB288
Device          \FileSystem\Msfs \Device\Mailslot                                                                            858DE0C0
Device          \FileSystem\Fastfat \Fat                                                                                     8470D8C8

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                           858E9068
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                            858E9068
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                                858E9068
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                             858E9068
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                            858E9068
Device          \FileSystem\Cdfs \Cdfs                                                                                       84E152C0

---- Modules - GMER 1.0.15 ----

Module          _________                                                                                                    F7405000-F741B000 (90112 bytes)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}@DisplayName  DAEMON Tools
Reg             HKLM\SOFTWARE\Classes\Installer\Products\B3D5AC652003B7E409EF70D1F8FD8341@ProductName                        DAEMON Tools

---- EOF - GMER 1.0.15 ----
         
--- --- ---

29.11.2011, 20:40   #27
player66
 



OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:39:51 on 29.11.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl
"AudioHQU.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\AudioHQU.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PRApplet.cpl" - "Intel(R) Corporation" - C:\WINDOWS\system32\PRApplet.cpl
"SanCpl.cpl" - "SiSoftware" - C:\WINDOWS\system32\SanCpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime Alternative\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis TrueImage Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis TrueImage FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Antwort für Verbindungsschicht-Topologieerkennung" (rspndr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rspndr.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\System32\drivers\aspi32.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"atitray" (atitray) - ? - C:\Programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys  (File found, but it contains no detailed information)
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\WINDOWS\System32\drivers\dgderdrv.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File not found)
"fxtdqpoc" (fxtdqpoc) - ? - C:\WINDOWS\TEMP\fxtdqpoc.sys  (Hidden registry entry, rootkit activity | File not found)
"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\WINDOWS\system32\drivers\GRD.sys
"GDBehave" (GDBehave) - "G Data Software AG" - C:\WINDOWS\System32\drivers\GDBehave.sys
"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\WINDOWS\system32\drivers\MiniIcpt.sys
"GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"HookCentre" (HookCentre) - "G Data Software AG" - C:\WINDOWS\system32\drivers\HookCentre.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"InCD Reader" (InCDRm) - ? - C:\WINDOWS\System32\drivers\InCDRm.sys  (File not found)
"InCDPass" (InCDPass) - ? - C:\WINDOWS\System32\drivers\InCDPass.sys  (File not found)
"Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Programme\EVEREST\kerneld.wnt  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"LGDDCDevice" (LGDDCDevice) - ? - C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys  (File found, but it contains no detailed information)
"LGII2CDevice" (LGII2CDevice) - ? - C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\WINDOWS\System32\mbmiodrvr.sys
"mbr" (mbr) - ? - C:\WINDOWS\TEMP\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Nal Service " (NAL) - "Intel Corporation " - C:\WINDOWS\system32\Drivers\iqvw32.sys
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\WINDOWS\system32\drivers\npf_devolo.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PfModNT" (PfModNT) - "Creative Technology Ltd." - C:\WINDOWS\System32\PfModNT.sys
"PLCND532 NDIS Protocol Driver" (PLCND532) - "Intellon, Inc." - C:\WINDOWS\System32\Drivers\PLCND532.sys
"PWSYSDRV" (PWSYSDRV) - "Destiny Technology Corporation" - C:\WINDOWS\System32\drivers\PWSYSDRV.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"rbeabs" (rbeabs) - " " - C:\WINDOWS\System32\DRIVERS\rbeabs.sys
"SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)" (dg_ssudbus) - ? - C:\WINDOWS\System32\DRIVERS\ssudbus.sys  (File not found)
"Sony Ericsson Device 039 Driver driver (WDM)" (SE27bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27bus.sys
"Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)" (se27nd5) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se27nd5.sys
"Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)" (se27unic) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se27unic.sys
"Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)" (SE27mgmt) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys
"Sony Ericsson Device 039 USB WMC Modem Driver" (SE27mdm) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27mdm.sys
"Sony Ericsson Device 039 USB WMC Modem Filter" (SE27mdfl) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys
"Sony Ericsson Device 039 USB WMC OBEX Interface" (SE27obex) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27obex.sys
"Standard-IDE/ESDI-Festplattencontroller" (atapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atapi.sys  (File is exclusively opened, access blocked)
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplact.dll
{9A065C65-4EE7-4DDD-9918-F129089A894A} "BrowserHelper Class" - "Microsoft Corporation" - C:\Programme\Windows Home Server\WHSDeskBands.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplbtn.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{83AE6768-28C3-4057-A4A0-21AADA4B88E3} "DesktopShlExt Class" - ? - C:\Programme\LG Soft India\forteManager\bin\ContextMenu.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? -   (File not found | COM-object registry key not found)
{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} "Eudora's Shell Extension" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{86B567D0-313C-11D2-8985-0080ADA96E9B} "G Data Shredder" - ? -   (File not found | COM-object registry key not found)
{D73E76A3-F902-45BD-8FC8-95AE8E014671} "Home Server Banner" - "Microsoft Corporation" - C:\Programme\Windows Home Server\WHSDeskBands.dll
{C1B5F1C3-6B6A-4890-A0CB-EAF0DF160E69} "Home Server Help Band" - "Microsoft Corporation" - C:\Programme\Windows Home Server\WHSDeskBands.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplsens.dll
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplzm.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplwhl.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplwir.dll
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll
<binary data> "Home Server Banner" - "Microsoft Corporation" - C:\Programme\Windows Home Server\WHSDeskBands.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9A065C65-4EE7-4DDD-9918-F129089A894A} "BrowserHelper Class" - "Microsoft Corporation" - C:\Programme\Windows Home Server\WHSDeskBands.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\BanksafeBHO.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"forteManager.lnk.disabled" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\forteManager.lnk.disabled
"Windows Home Server.lnk" - "Microsoft Corporation" - C:\Programme\Windows Home Server\WHSTrayApp.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe
"IntelliPoint" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
"itype" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliType Pro\itype.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"SP501 GDI Language Monitor" - "Destiny Technology Corporation" - C:\WINDOWS\system32\PWLANMON.DLL
"SP501 GDI Port Monitor" - ? - C:\WINDOWS\system32\PWPRTMON.DLL  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"devolo Network Service" (DevoloNetworkService) - ? - C:\Programme\devolo\dlan\devolonetsvc.exe  (File found, but it contains no detailed information)
"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe
"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe
"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel NCS NetService" (NetSvc) - "Intel(R) Corporation" - c:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"PsShutdown" (PsShutdownSvc) - ? - C:\WINDOWS\System32\PSSDNSVC.EXE  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Home Server-Connectordienst" (WHSConnector) - "Microsoft Corporation" - C:\Programme\Windows Home Server\WHSConnector.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

29.11.2011, 20:58   #28
player66

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-29 20:41:07
-----------------------------
20:41:07.218 OS Version: Windows 5.1.2600 Service Pack 3
20:41:07.218 Number of processors: 2 586 0x209
20:41:07.218 ComputerName: BEASTS UserName:
20:41:07.515 Initialize success
20:52:37.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:52:37.937 Disk 0 Vendor: HDS722516VLSA80 V34OA60A Size: 157066MB BusType: 3
20:52:37.937 Device \Driver\atapi -> DriverStartIo f740c02e
20:52:37.937 Device \Driver\atapi -> MajorFunction 86a13770
20:52:39.953 Disk 0 MBR read successfully
20:52:39.953 Disk 0 MBR scan
20:52:39.953 Disk 0 Windows XP default MBR code
20:52:39.953 Disk 0 scanning sectors +321671168
20:52:40.000 Disk 0 scanning C:\WINDOWS\system32\drivers
20:52:46.109 Service scanning
20:52:46.359 Service atapi C:\WINDOWS\System32\DRIVERS\atapi.sys **LOCKED** 32
20:52:47.031 Modules scanning
20:53:11.453 Disk 0 trace - called modules:
20:53:11.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86a13770]<<
20:53:11.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b81ab8]
20:53:11.468 3 CLASSPNP.SYS[f7538fd7] -> nt!IofCallDriver -> \Device\00000080[0x86b6f198]
20:53:11.468 5 ACPI.sys[f7477620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b1c940]
20:53:11.468 \Driver\atapi[0x86b6f030] -> IRP_MJ_CREATE -> 0x86a13770
20:53:11.484 Scan finished successfully
20:53:30.062 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
20:53:30.062 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-29 20:53:54
-----------------------------
20:53:54.187 OS Version: Windows 5.1.2600 Service Pack 3
20:53:54.187 Number of processors: 2 586 0x209
20:53:54.187 ComputerName: BEASTS UserName:
20:53:54.312 Initialize success
20:57:53.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:57:53.093 Disk 0 Vendor: HDS722516VLSA80 V34OA60A Size: 157066MB BusType: 3
20:57:53.093 Device \Driver\atapi -> DriverStartIo f740c02e
20:57:53.093 Device \Driver\atapi -> MajorFunction 86a13770
20:57:55.109 Disk 0 MBR read successfully
20:57:55.109 Disk 0 MBR scan
20:57:55.109 Disk 0 Windows XP default MBR code
20:57:55.109 Disk 0 scanning sectors +321671168
20:57:55.156 Disk 0 scanning C:\WINDOWS\system32\drivers
20:58:00.843 Service scanning
20:58:01.078 Service atapi C:\WINDOWS\System32\DRIVERS\atapi.sys **LOCKED** 32
20:58:01.750 Modules scanning
20:58:06.156 Disk 0 trace - called modules:
20:58:06.187 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86a13770]<<
20:58:06.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b81ab8]
20:58:06.187 3 CLASSPNP.SYS[f7538fd7] -> nt!IofCallDriver -> \Device\00000080[0x86b6f198]
20:58:06.187 5 ACPI.sys[f7477620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b1c940]
20:58:06.187 \Driver\atapi[0x86b6f030] -> IRP_MJ_CREATE -> 0x86a13770
20:58:06.203 Scan finished successfully
20:58:14.906 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
20:58:14.906 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"

30.11.2011, 11:33   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

01.12.2011, 19:14   #30
player66

Sorry, I wasn't at the computer yesterday.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8285

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01.12.2011 18:04:58
mbam-log-2011-12-01 (18-04-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 273234
Laufzeit: 36 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
