Antivirus, firewall and other protection software: syscron.exe - infected files removed, now delete? (Windows 7)
15.07.2010, 11:17 | #1
syscron.exe - infected files removed, now delete?

PLEASE move..... out of sheer nervousness I unfortunately clicked the wrong subforum!!!

Hello everyone,

after years of virus-free surfing it has now "finally" got me too. Since yesterday the nice file "syscron.exe" has been sitting in my Startup folder; according to a Google search it is a "Trojan.Agent.Gen". Via CCleaner I at least disabled this entry right away; deleting it via CCleaner (startup entries) was not possible. First of all I ran MBAM over it, which reported 4 infections, which I then deleted. Here is the log: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4315

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.07.2010 11:09:38
mbam-log-2010-07-15 (11-09-38).txt

Scan type: Quick scan
Objects scanned: 123837
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\***\AppData\Local\KBDUDeR.dll (Trojan.Agent.Gen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\plaxuyegano (Trojan.Agent.Gen) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\***\AppData\Local\KBDUDeR.dll (Trojan.Agent.Gen) -> Delete on reboot.

Error message: Quote:
After that I was able to delete the "startup reference" to KBDUDeR via CCleaner's registry cleaner. Can I now simply try to delete syscron.exe manually from the Startup folder? Or do I first need to take care of other things? Do you need more data? The second MBAM scan, by the way, came back "clean". Here is also the RSIT log taken after running mbam: Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-07-15 12:11:06
Microsoft Windows 7 Home Premium
System drive C: has 16 GB (32%) free of 50 GB
Total RAM: 3327 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:10, on 15.07.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
D:\Sonstiges\PSI\psi.exe
D:\Internet\Malwarebytes' Anti-Malware\mbam.exe
D:\Sonstiges\CCleaner\CCleaner.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
D:\Internet\Seamonkey\seamonkey.exe
C:\Program Files\Opera\opera.exe
D:\Internet\Yahoo Messi\Messenger\YahooMessenger.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Downloads\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "D:\Internet\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: syscron.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AUC Helper (AUCAutostartWinService) - Unknown owner - D:\Sonstiges\AUC\AUC Autostart.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Sonstiges\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - D:\Internet\Team Viewer\TeamViewer_Service.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 5103 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"VirtualCloneDrive"=C:\VirtualCloneDrive\VCDDaemon.exe [2009-01-30 52392]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-26 13789728]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-05-28 1468296]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-05-28 1501064]
""= []
" Malwarebytes Anti-Malware (reboot)"=D:\Internet\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
syscron.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-15 12:11:06 ----D---- C:\rsit
2010-07-15 12:11:06 ----D---- C:\Program Files\trend micro
2010-07-15 11:03:16 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-07-15 11:03:08 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-15 11:03:07 ----D---- C:\ProgramData\Malwarebytes
2010-07-15 11:03:07 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-15 10:47:37 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-15 10:47:37 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-15 10:47:37 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-15 10:47:37 ----A---- C:\Windows\system32\mscoree.dll
2010-07-15 10:47:37 ----A---- C:\Windows\system32\dfshim.dll
2010-07-15 10:45:00 ----D---- C:\Windows\pss
2010-07-15 10:45:00 ----A---- C:\Windows\system32\mshtml.dll
2010-07-15 10:44:58 ----A---- C:\Windows\system32\mstime.dll
2010-07-15 10:44:58 ----A---- C:\Windows\system32\ieframe.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\wininet.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\urlmon.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\jsproxy.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\iedkcs32.dll
2010-07-15 10:44:54 ----A---- C:\Windows\system32\CPFilters.dll
2010-07-15 10:44:53 ----A---- C:\Windows\system32\msdri.dll
2010-07-15 10:44:50 ----A---- C:\Windows\system32\ntdll.dll
2010-07-15 10:44:49 ----A---- C:\Windows\system32\win32k.sys
2010-07-15 10:44:49 ----A---- C:\Windows\system32\asycfilt.dll
2010-07-15 10:44:47 ----A---- C:\Windows\system32\tzres.dll
2010-07-15 10:44:16 ----A---- C:\Windows\system32\atmlib.dll
2010-07-15 10:44:16 ----A---- C:\Windows\system32\atmfd.dll
2010-07-15 10:40:23 ----D---- C:\Users\***\AppData\Roaming\Intel Corporation
2010-07-14 17:10:04 ----D---- C:\Intel
2010-07-14 17:10:04 ----A---- C:\Windows\system32\drivers\iaStor.sys
2010-07-14 17:10:02 ----D---- C:\Users\***\AppData\Roaming\InstallShield
2010-07-14 17:10:02 ----D---- C:\Program Files\Intel
2010-07-14 17:09:54 ----D---- C:\Users\***\AppData\Roaming\WinBatch
2010-07-12 21:18:13 ----RA---- C:\Users\***\AppData\Roaming\IIF1i.txt
2010-07-08 23:34:54 ----D---- C:\Users\***\AppData\Roaming\gtk-2.0
2010-07-08 23:11:34 ----D---- C:\Users\***\AppData\Roaming\griffith
2010-07-08 22:42:34 ----A---- C:\Windows\system32\Zip32.dll
2010-07-08 22:42:34 ----A---- C:\Windows\system32\unzip32.dll
2010-07-08 22:42:34 ----A---- C:\Windows\system32\MediaInfo.dll
2010-07-08 22:42:31 ----AH---- C:\Windows\system32\ErrExplorer.dll
2010-07-08 22:42:30 ----A---- C:\Windows\system32\cmmx01.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\stdftde.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmut11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmpr11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmls11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmll11xl.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmll11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmdw11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmct11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmbr11.dll
2010-07-08 22:42:28 ----D---- C:\ProgramData\M-DVD.Org V2
2010-07-08 22:42:28 ----A---- C:\Windows\system32\VB6DE.dll
2010-07-08 20:16:27 ----D---- C:\Users\***\AppData\Roaming\AUC
2010-07-07 16:05:32 ----A---- C:\Windows\system32\drivers\psi_mf.sys
2010-07-01 14:00:37 ----D---- C:\Users\***\AppData\Roaming\Broad Intelligence

======List of files/folders modified in the last 1 months======

2010-07-15 12:11:10 ----D---- C:\Windows\Prefetch
2010-07-15 12:11:07 ----D---- C:\Windows\Temp
2010-07-15 12:11:06 ----RD---- C:\Program Files
2010-07-15 11:40:04 ----D---- C:\Windows\system32\config
2010-07-15 11:33:30 ----D---- C:\Windows\Microsoft.NET
2010-07-15 11:33:28 ----RSD---- C:\Windows\assembly
2010-07-15 11:27:01 ----D---- C:\Windows\winsxs
2010-07-15 11:26:37 ----D---- C:\Windows
2010-07-15 11:26:14 ----D---- C:\Windows\system32\drivers
2010-07-15 11:25:03 ----D---- C:\Windows\System32
2010-07-15 11:25:03 ----D---- C:\Windows\ehome
2010-07-15 11:25:03 ----D---- C:\Program Files\Internet Explorer
2010-07-15 11:25:02 ----D---- C:\Windows\system32\migration
2010-07-15 11:25:02 ----D---- C:\Windows\system32\de-DE
2010-07-15 11:25:02 ----D---- C:\Windows\AppPatch
2010-07-15 11:24:59 ----D---- C:\Windows\Vss
2010-07-15 11:03:07 ----HD---- C:\ProgramData
2010-07-15 10:47:41 ----SHD---- C:\System Volume Information
2010-07-15 10:47:40 ----D---- C:\Windows\system32\catroot
2010-07-15 10:47:33 ----D---- C:\Windows\system32\catroot2
2010-07-15 10:46:13 ----D---- C:\Windows\debug
2010-07-15 10:45:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-15 10:42:49 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-07-14 17:13:55 ----D---- C:\Users\***\AppData\Roaming\HpUpdate
2010-07-14 17:10:06 ----D---- C:\Windows\system32\DriverStore
2010-07-14 17:10:06 ----D---- C:\Windows\inf
2010-07-14 17:10:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-14 17:09:52 ----SHD---- C:\Windows\Installer
2010-07-14 17:09:51 ----D---- C:\Program Files\Hp
2010-07-14 17:09:35 ----D---- C:\Windows\twain_32
2010-07-13 23:12:38 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-07-13 20:14:14 ----AD---- C:\ProgramData\TEMP
2010-07-12 20:45:58 ----D---- C:\Users\***\AppData\Roaming\dvdcss
2010-07-10 16:09:48 ----D---- C:\Program Files\Mozilla Firefox
2010-07-09 22:12:29 ----D---- C:\Windows\system32\NDF
2010-07-08 20:17:37 ----D---- C:\Windows\system32\Tasks
2010-07-08 14:47:56 ----D---- C:\Program Files\Opera
2010-07-02 12:39:06 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; C:\Windows\system32\drivers\CLBStor.sys [2008-10-20 10368]
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-03 435736]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R2 CLBUDFR;CyberLink UDF Filesystem; C:\Windows\system32\drivers\CLBUDFR.sys [2008-10-20 154368]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 netr73;USB Wireless 802.11 b/g Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-07-14 545792]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2009-05-28 30088]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-03-02 29184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 CrystalSysInfo;CrystalSysInfo; \??\D:\Multimedia\MediaCoder iPod Edition\SysInfo.sys [2007-09-25 15152]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StillCam;Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 AUCAutostartWinService;AUC Helper; D:\Sonstiges\AUC\AUC Autostart.exe [2010-05-27 97792]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-07-30 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NMSAccessU;NMSAccessU; D:\Sonstiges\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-26 211488]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TeamViewer4;TeamViewer 4; D:\Internet\Team Viewer\TeamViewer_Service.exe [2009-03-23 185640]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]

-----------------EOF-----------------

(And all this after I changed all of my 200+ passwords yesterday and the day before... )

Edited by TroBaz (15.07.2010 at 11:31) Reason: Please move....
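The two logs above show the three autostart places this infection used: a value with a random-looking name under HKCU\...\Run (plaxuyegano), a DLL under AppData\Local (KBDUDeR.dll), and a file dropped straight into the per-user Startup folder (syscron.exe). The PowerShell script below is an added triage example, not from the original post and not part of MBAM, RSIT or CCleaner. It walks the same Run/RunOnce keys and both Startup folders, resolves the file each entry actually loads (including the DLL behind a RUNDLL32 entry and the target behind a .lnk), hashes it, checks its Authenticode signature, and flags targets that are missing, unsigned, or sitting in a user-writable directory. The registry paths and folder names are the standard Windows ones; the flagging rules and all function names are my own, and the script only reports, it does not delete anything.

```powershell
# Added example: read-only autostart triage for the locations named in the
# MBAM/RSIT logs. Run from an elevated PowerShell (PowerShell 2.0 on
# Windows 7 is enough). Heuristics and function names are the editor's own.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),       # per-user Startup folder (where syscron.exe sat)
    [Environment]::GetFolderPath('CommonStartup')  # all-users Startup folder
)
# Directories a non-admin process can write to. Legitimate autostart targets
# rarely live here; KBDUDeR.dll (AppData\Local) and a Roaming\Temp dropper do.
$userWritable = '\\AppData\\', '\\Temp\\', '\\ProgramData\\', '\\Users\\[^\\]+\\Desktop\\'
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Turn a Run-value command line into the file that actually gets loaded, e.g.
#   "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min   -> avgnt.exe
#   RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup       -> NvCpl.dll
function Get-AutostartTarget([string]$cmd) {
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) {
        $close = $cmd.IndexOf('"', 1)
        if ($close -gt 1) { return $cmd.Substring(1, $close - 1) }
    }
    $parts = $cmd -split '\s+', 2
    if ($parts[0] -match '^rundll32(\.exe)?$' -and $parts.Count -gt 1) {
        return ($parts[1] -split ',', 2)[0].Trim('"')
    }
    # Unquoted path with spaces: extend token by token until a file exists,
    # which mirrors how CreateProcess itself resolves such a command line.
    $tokens = $cmd -split ' '
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    # Bare name such as RUNDLL32.EXE: resolve through the PATH like the loader would
    $app = Get-Command -Name $tokens[0] -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($app) { return $app.Path }
    return $tokens[0]
}

function Get-Sha256([string]$path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($path)
    try { ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

function Test-Autostart([string]$source, [string]$name, [string]$target) {
    $exists = Test-Path -LiteralPath $target -PathType Leaf
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status.ToString() } else { 'FileMissing' }
    $flags = @()
    if (-not $exists) { $flags += 'missing-target' }   # also what an MBAM "Delete on reboot" item looks like pre-reboot
    if ($sig -ne 'Valid') { $flags += "sig:$sig" }
    if ($userWritable | Where-Object { $target -match $_ }) { $flags += 'user-writable-path' }
    New-Object PSObject -Property @{
        Source = $source; Name = $name; Target = $target
        Sha256 = if ($exists) { Get-Sha256 $target } else { $null }
        Signed = $sig; Flags = ($flags -join ',')
    }
}

$results = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # skip the provider's own PS* properties and empty values such as the ""= [] seen in the RSIT dump
        if ($metaProps -contains $p.Name -or -not ([string]$p.Value).Trim()) { continue }
        $results += Test-Autostart $key $p.Name (Get-AutostartTarget ([string]$p.Value))
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    # -Force also lists hidden/system files, which the Explorer view hides by default
    foreach ($f in Get-ChildItem -LiteralPath $dir -Force | Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' }) {
        $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        $results += Test-Autostart $dir $f.Name $target
    }
}
$results | Sort-Object Flags -Descending | Format-Table Source, Name, Target, Signed, Flags -AutoSize
```

Read the output as leads, not verdicts: a lone sig:NotSigned is common for third-party tools of this vintage, but an unsigned target under AppData or Temp that was created in the last days, as the RSIT "files created" list shows for the infection, is the combination worth submitting by hash to a scanner before touching it. Removal (deleting the Run value or the Startup-folder file) is deliberately left to the helper's instructions in the thread.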
15.07.2010, 15:00 | #2

/// Winkelfunktion /// TB-Süch-Tiger™ | syscron.exe - infected files removed, now delete?

Hello, and please run a full scan with Malwarebytes and post the log. Then OTL:

System scan with OTL
Please download OTL by OldTimer and save it to your desktop
19.07.2010, 14:36 | #3

syscron.exe - infected files removed, now delete?

Many thanks for the reply and for the welcome. Unfortunately I can only get back to you now (I have had 2 young kittens since the day before yesterday, and they hardly leave me any time for the PC).

Under Windows I still get a virus alert from Antivir after every system start saying that there is a trojan in the Roaming/Temp folder; after deleting it, a new one appears (with a different file name).

Here are the requested logs:

Full scan Malwarebytes Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4315

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.07.2010 17:56:27
mbam-log-2010-07-16 (17-56-27).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|K:\|)
Objects scanned: 356329
Time elapsed: 1 hour(s), 44 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Documents\Sonstiges\Funny Things\Funny Mails\Exe\***.exe (Joke.VV) -> Quarantined and deleted successfully.
E:\Downloads\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Downloads\ZwinkySetup2.3.67.1.ZJman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
I:\Sonstiges\run with parameters\rwparam-1.1.1-setup.exe (Malware.Packer) -> Quarantined and deleted successfully.
I:\System\runwithparameters.exe (Malware.Packer) -> Quarantined and deleted successfully.
I:\Internet\Anonymität\proxyi.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

The two files in Downloads puzzle me; Antivir found nothing when they were downloaded back then. What makes me nervous are the two "run with parameters" files, which are "obviously" not present at all in the Explorer view (not under Linux either)...

Here are the OTL logs as well: Code:
OTL logfile created on: 16.07.2010 18:01:59 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = E:\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.73 Gb Total Space | 15.20 Gb Free Space | 31.19% Space Free | Partition Type: NTFS
Drive D: | 112.70 Gb Total Space | 110.44 Gb Free Space | 98.00% Space Free | Partition Type: NTFS
Drive E: | 97.66 Gb Total Space | 89.94 Gb Free Space | 92.10% Space Free | Partition Type: NTFS
Drive F: | 390.62 Gb Total Space | 361.05 Gb Free Space | 92.43% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 23.05 Gb Total Space | 23.02 Gb Free Space | 99.88% Space Free | Partition Type: UDF
Drive I: | 149.88 Gb Total Space | 75.54 Gb Free Space | 50.40% Space Free | Partition Type: NTFS
Drive K: | 83.01 Gb Total Space | 57.44 Gb Free Space | 69.20% Space Free | Partition Type: NTFS

Computer Name: PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Sonstiges\PSI\psi.exe (Secunia)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - D:\Sonstiges\AUC\AUC Autostart.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Internet\Team Viewer\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - D:\Sonstiges\CDBurnerXP\NMSAccessU.exe ()

========== Modules (SafeList) ==========

MOD - E:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AUCAutostartWinService) -- D:\Sonstiges\AUC\AUC Autostart.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer4) -- D:\Internet\Team Viewer\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NMSAccessU) -- D:\Sonstiges\CDBurnerXP\NMSAccessU.exe ()

========== Driver Services (SafeList) ==========

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV
- (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) 
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (CLBUDFR) -- C:\Windows\System32\drivers\CLBUDFR.sys (CyberLink Corporation.) DRV - (CLBStor) -- C:\Windows\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.) 
DRV - (CrystalSysInfo) -- D:\Multimedia\MediaCoder iPod Edition\SysInfo.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 73 E2 08 43 C0 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:1.0.0.12 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.99 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4 FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital 
Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.14 17:08:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.10 16:09:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.10 16:09:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: D:\Internet\Seamonkey\components [2010.07.08 12:33:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: D:\Internet\Seamonkey\plugins [2010.07.08 12:33:51 | 000,000,000 | ---D | M] [2010.04.15 13:43:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.03.04 18:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.04.15 13:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} [2010.07.12 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions [2010.03.04 19:20:41 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010.03.04 19:20:40 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.03.04 19:20:40 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010.07.09 14:26:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.04.17 23:08:20 | 
000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2010.03.04 19:20:40 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.05.12 11:30:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.04.17 23:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{BFB5F154-9212-46F3-B547-AC6106030A54} [2010.07.12 20:14:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.09 11:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.07.09 14:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.06.05 12:43:52 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.07.09 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\foxmarks@kei.com [2010.04.09 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\screencaptureelite@plugin [2010.04.16 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\YoutubeDownloader@PeterOlayev.com [2010.07.16 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions [2010.07.08 18:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010.04.16 18:13:51 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2010.04.17 13:03:27 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} [2010.07.08 18:06:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.07.15 11:47:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.15 14:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.06.04 13:30:35 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.04.15 14:49:33 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2010.04.15 14:49:27 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55} [2010.07.15 11:47:14 | 000,000,000 | ---D | M] (Display Mail User Agent) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548F8} [2010.04.15 14:49:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\closy@gemal.dk [2010.06.04 13:30:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\custombuttons@xsms.org [2010.07.08 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\formhistory@yahoo.com [2010.07.08 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\inspector@mozilla.org [2010.07.15 11:47:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\QuickPasswords@axelg.com [2010.02.26 14:23:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.10 16:09:46 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.10 16:09:46 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.10 16:09:46 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.10 16:09:46 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla 
Firefox\searchplugins\wikipedia-de.xml [2010.07.10 16:09:46 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Internet\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [VirtualCloneDrive] C:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.03.29 01:41:00 | 000,000,039 | ---- | M] () - I:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{10b47047-077c-11df-b041-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{10b47047-077c-11df-b041-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.16 17:01:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games [2010.07.16 16:36:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2010.07.16 16:08:31 | 000,000,000 | ---D | C] -- C:\Programme\Vertrix 2 [2010.07.15 12:11:06 | 
000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.07.15 12:11:06 | 000,000,000 | ---D | C] -- C:\rsit [2010.07.15 11:03:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.07.15 11:03:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.15 11:03:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.15 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.15 10:47:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.07.15 10:47:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.07.15 10:47:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.07.15 10:45:00 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.07.15 10:44:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.07.15 10:44:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.07.15 10:44:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.07.15 10:44:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.07.15 10:44:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.07.15 10:44:53 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.07.15 10:44:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.07.15 10:44:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.07.15 10:44:49 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.07.15 10:44:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.07.15 
10:44:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.07.15 10:44:16 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.07.15 10:44:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.07.15 10:40:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Intel Corporation [2010.07.14 17:10:04 | 000,000,000 | ---D | C] -- C:\Intel [2010.07.14 17:10:02 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2010.07.14 17:10:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield [2010.07.14 17:09:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinBatch [2010.07.13 10:48:44 | 000,000,000 | ---D | C] -- e:\Documents\Neu [2010.07.13 10:48:08 | 000,000,000 | ---D | C] -- e:\Documents\pdf24 [2010.07.09 00:01:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\posters [2010.07.08 23:34:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.07.08 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\griffith [2010.07.08 22:42:34 | 002,945,024 | ---- | C] (hxxp://mediainfo.sourceforge.net) -- C:\Windows\System32\MediaInfo.dll [2010.07.08 22:42:34 | 000,141,312 | ---- | C] (Info-ZIP) -- C:\Windows\System32\Zip32.dll [2010.07.08 22:42:34 | 000,102,400 | ---- | C] (Info-ZIP) -- C:\Windows\System32\unzip32.dll [2010.07.08 22:42:31 | 000,061,440 | -H-- | C] (SynApp GmbH) -- C:\Windows\System32\ErrExplorer.dll [2010.07.08 22:42:30 | 000,688,640 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmmx01.dll [2010.07.08 22:42:30 | 000,414,720 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll1100.lng [2010.07.08 22:42:30 | 000,349,184 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11pw.llx [2010.07.08 22:42:30 | 000,165,584 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11o.ocx [2010.07.08 22:42:29 | 002,899,968 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11.dll [2010.07.08 22:42:29 | 
001,399,296 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmct11.dll [2010.07.08 22:42:29 | 001,378,304 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmls11.dll [2010.07.08 22:42:29 | 000,893,952 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmbr11.dll [2010.07.08 22:42:29 | 000,739,328 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmdw11.dll [2010.07.08 22:42:29 | 000,684,032 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11xl.dll [2010.07.08 22:42:29 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx [2010.07.08 22:42:29 | 000,489,128 | ---- | C] (ComponentOne) -- C:\Windows\System32\Vsflex7.ocx [2010.07.08 22:42:29 | 000,416,528 | ---- | C] (Microsoft Corporation ) -- C:\Windows\System32\comct332.ocx [2010.07.08 22:42:29 | 000,351,232 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmpr11.dll [2010.07.08 22:42:29 | 000,337,920 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmut11.dll [2010.07.08 22:42:29 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx [2010.07.08 22:42:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stdftde.dll [2010.07.08 22:42:28 | 001,009,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mschrt20.ocx [2010.07.08 22:42:28 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX [2010.07.08 22:42:28 | 000,166,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmask32.ocx [2010.07.08 22:42:28 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx [2010.07.08 22:42:28 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.dll [2010.07.08 22:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\M-DVD.Org V2 [2010.07.08 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AUC [2010.07.07 16:05:32 | 000,014,904 | ---- | C] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys [2010.07.01 14:00:37 | 000,000,000 | 
---D | C] -- C:\Users\***\AppData\Roaming\Broad Intelligence ========== Files - Modified Within 30 Days ========== [2010.07.16 17:59:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.16 17:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.16 17:58:58 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys [2010.07.16 17:58:09 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.07.16 17:57:59 | 006,093,368 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.07.16 16:38:19 | 002,278,190 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.16 16:38:19 | 000,621,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.16 16:38:19 | 000,008,816 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.16 16:03:31 | 000,000,668 | ---- | M] () -- C:\Users\***\Desktop\Waldmeister Sause Winteredition (Gratisversion).lnk [2010.07.16 15:56:56 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.16 15:56:56 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.15 11:53:05 | 000,023,612 | ---- | M] () -- C:\Users\***\Desktop\cab_banane.jpg [2010.07.15 11:26:42 | 000,303,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.15 11:03:10 | 000,000,662 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.14 17:08:43 | 000,023,687 | ---- | M] () -- C:\Windows\hpqins15.dat [2010.07.13 10:44:41 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.07.12 22:45:56 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ABC Amber SeaMonkey Converter.lnk [2010.07.11 15:09:51 | 000,000,673 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk [2010.07.09 16:07:07 | 000,000,218 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2010.07.09 00:02:10 | 000,032,603 | ---- | M] () -- 
C:\Users\***\Desktop\griffith_list.xml [2010.07.09 00:01:59 | 000,013,876 | ---- | M] () -- C:\Users\***\Desktop\page_1.htm [2010.07.09 00:01:59 | 000,001,799 | ---- | M] () -- C:\Users\***\Desktop\gray.css [2010.07.09 00:00:52 | 000,004,239 | ---- | M] () -- C:\Users\***\Desktop\griffith_simple_list.pdf [2010.07.08 23:11:23 | 000,000,630 | ---- | M] () -- C:\Users\***\Desktop\Griffith.lnk [2010.07.08 23:00:50 | 002,064,384 | ---- | M] () -- e:\Documents\M-DVD_Org.db [2010.07.08 22:42:36 | 000,000,743 | ---- | M] () -- C:\Users\***\Desktop\M-DVD.Org V2.lnk [2010.07.08 20:18:43 | 000,000,678 | ---- | M] () -- C:\Users\***\Desktop\Magic MP3 Tagger.lnk [2010.07.08 13:35:44 | 000,000,036 | ---- | M] () -- C:\Users\***\.33a11c88 [2010.07.07 16:05:32 | 000,014,904 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys [2010.06.30 18:04:43 | 000,029,520 | ---- | M] () -- e:\Documents\Gmail - ***.mht ========== Files Created - No Company Name ========== [2010.07.16 16:03:31 | 000,000,668 | ---- | C] () -- C:\Users\***\Desktop\Waldmeister Sause Winteredition (Gratisversion).lnk [2010.07.15 11:53:05 | 000,023,612 | ---- | C] () -- C:\Users\***\Desktop\cab_banane.jpg [2010.07.15 11:03:10 | 000,000,662 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.14 17:08:11 | 000,023,687 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.07.13 10:44:41 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.07.12 22:45:56 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ABC Amber SeaMonkey Converter.lnk [2010.07.12 21:18:13 | 000,000,000 | R--- | C] () -- C:\Users\***\AppData\Roaming\IIF1i.txt [2010.07.11 15:09:51 | 000,000,673 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk [2010.07.09 16:07:07 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.07.09 14:33:27 | 000,029,520 | ---- | C] () -- e:\Documents\Gmail - ***.mht [2010.07.09 00:02:10 | 000,032,603 | ---- | C] () -- 
C:\Users\***\Desktop\griffith_list.xml [2010.07.09 00:01:59 | 000,013,876 | ---- | C] () -- C:\Users\***\Desktop\page_1.htm [2010.07.09 00:01:59 | 000,001,799 | ---- | C] () -- C:\Users\***\Desktop\gray.css [2010.07.09 00:00:52 | 000,004,239 | ---- | C] () -- C:\Users\***\Desktop\griffith_simple_list.pdf [2010.07.08 23:11:23 | 000,000,630 | ---- | C] () -- C:\Users\***\Desktop\Griffith.lnk [2010.07.08 22:52:40 | 002,064,384 | ---- | C] () -- e:\Documents\M-DVD_Org.db [2010.07.08 22:42:36 | 000,000,743 | ---- | C] () -- C:\Users\***\Desktop\M-DVD.Org V2.lnk [2010.07.08 22:42:34 | 000,675,840 | ---- | C] () -- C:\Windows\System32\AudioGenie2.ocx [2010.07.08 22:42:30 | 001,161,492 | ---- | C] () -- C:\Windows\System32\cmLL1100.chm [2010.07.08 22:42:30 | 000,425,984 | ---- | C] () -- C:\Windows\System32\cmmx0100.lng [2010.07.08 20:18:43 | 000,000,678 | ---- | C] () -- C:\Users\***\Desktop\Magic MP3 Tagger.lnk [2010.07.08 13:35:44 | 000,000,036 | ---- | C] () -- C:\Users\***\.33a11c88 [2010.04.05 17:32:41 | 000,000,295 | ---- | C] () -- C:\Windows\lgfwup.ini [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:D4BB0AD6 @Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:35A81752 @Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:B1FBA7E1 @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:66AA0486 @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:ED2998F5 < End of report > Code:
C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TeamViewer4) -- D:\Internet\Team Viewer\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (NMSAccessU) -- D:\Sonstiges\CDBurnerXP\NMSAccessU.exe () ========== Driver Services (SafeList) ========== DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) 
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV 
- (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) 
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (CLBUDFR) -- C:\Windows\System32\drivers\CLBUDFR.sys (CyberLink Corporation.) DRV - (CLBStor) -- C:\Windows\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.) 
DRV - (CrystalSysInfo) -- D:\Multimedia\MediaCoder iPod Edition\SysInfo.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 73 E2 08 43 C0 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:1.0.0.12 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.99 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4 FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital 
Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.14 17:08:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.10 16:09:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.10 16:09:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: D:\Internet\Seamonkey\components [2010.07.08 12:33:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: D:\Internet\Seamonkey\plugins [2010.07.08 12:33:51 | 000,000,000 | ---D | M] [2010.04.15 13:43:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.03.04 18:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.04.15 13:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} [2010.07.12 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions [2010.03.04 19:20:41 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010.03.04 19:20:40 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.03.04 19:20:40 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010.07.09 14:26:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.04.17 23:08:20 | 
000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2010.03.04 19:20:40 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.05.12 11:30:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.04.17 23:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{BFB5F154-9212-46F3-B547-AC6106030A54} [2010.07.12 20:14:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.09 11:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.07.09 14:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.06.05 12:43:52 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.07.09 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\foxmarks@kei.com [2010.04.09 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\screencaptureelite@plugin [2010.04.16 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\YoutubeDownloader@PeterOlayev.com [2010.07.16 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions [2010.07.08 18:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010.04.16 18:13:51 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2010.04.17 13:03:27 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} [2010.07.08 18:06:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.07.15 11:47:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.15 14:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.06.04 13:30:35 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.04.15 14:49:33 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2010.04.15 14:49:27 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55} [2010.07.15 11:47:14 | 000,000,000 | ---D | M] (Display Mail User Agent) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548F8} [2010.04.15 14:49:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\closy@gemal.dk [2010.06.04 13:30:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\custombuttons@xsms.org [2010.07.08 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\formhistory@yahoo.com [2010.07.08 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\inspector@mozilla.org [2010.07.15 11:47:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\QuickPasswords@axelg.com [2010.02.26 14:23:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.10 16:09:46 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.10 16:09:46 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.10 16:09:46 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.10 16:09:46 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla 
Firefox\searchplugins\wikipedia-de.xml [2010.07.10 16:09:46 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Internet\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [VirtualCloneDrive] C:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.03.29 01:41:00 | 000,000,039 | ---- | M] () - I:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{10b47047-077c-11df-b041-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{10b47047-077c-11df-b041-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.16 17:01:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games [2010.07.16 16:36:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2010.07.16 16:08:31 | 000,000,000 | ---D | C] -- C:\Programme\Vertrix 2 [2010.07.15 12:11:06 | 
000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.07.15 12:11:06 | 000,000,000 | ---D | C] -- C:\rsit [2010.07.15 11:03:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.07.15 11:03:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.15 11:03:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.15 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.15 10:47:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.07.15 10:47:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.07.15 10:47:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.07.15 10:45:00 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.07.15 10:44:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.07.15 10:44:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.07.15 10:44:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.07.15 10:44:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.07.15 10:44:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.07.15 10:44:53 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.07.15 10:44:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.07.15 10:44:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.07.15 10:44:49 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.07.15 10:44:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.07.15 
10:44:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.07.15 10:44:16 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.07.15 10:44:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.07.15 10:40:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Intel Corporation [2010.07.14 17:10:04 | 000,000,000 | ---D | C] -- C:\Intel [2010.07.14 17:10:02 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2010.07.14 17:10:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield [2010.07.14 17:09:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinBatch [2010.07.13 10:48:44 | 000,000,000 | ---D | C] -- e:\Documents\Neu [2010.07.13 10:48:08 | 000,000,000 | ---D | C] -- e:\Documents\pdf24 [2010.07.09 00:01:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\posters [2010.07.08 23:34:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.07.08 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\griffith [2010.07.08 22:42:34 | 002,945,024 | ---- | C] (hxxp://mediainfo.sourceforge.net) -- C:\Windows\System32\MediaInfo.dll [2010.07.08 22:42:34 | 000,141,312 | ---- | C] (Info-ZIP) -- C:\Windows\System32\Zip32.dll [2010.07.08 22:42:34 | 000,102,400 | ---- | C] (Info-ZIP) -- C:\Windows\System32\unzip32.dll [2010.07.08 22:42:31 | 000,061,440 | -H-- | C] (SynApp GmbH) -- C:\Windows\System32\ErrExplorer.dll [2010.07.08 22:42:30 | 000,688,640 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmmx01.dll [2010.07.08 22:42:30 | 000,414,720 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll1100.lng [2010.07.08 22:42:30 | 000,349,184 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11pw.llx [2010.07.08 22:42:30 | 000,165,584 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11o.ocx [2010.07.08 22:42:29 | 002,899,968 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11.dll [2010.07.08 22:42:29 | 
001,399,296 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmct11.dll [2010.07.08 22:42:29 | 001,378,304 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmls11.dll [2010.07.08 22:42:29 | 000,893,952 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmbr11.dll [2010.07.08 22:42:29 | 000,739,328 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmdw11.dll [2010.07.08 22:42:29 | 000,684,032 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11xl.dll [2010.07.08 22:42:29 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx [2010.07.08 22:42:29 | 000,489,128 | ---- | C] (ComponentOne) -- C:\Windows\System32\Vsflex7.ocx [2010.07.08 22:42:29 | 000,416,528 | ---- | C] (Microsoft Corporation ) -- C:\Windows\System32\comct332.ocx [2010.07.08 22:42:29 | 000,351,232 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmpr11.dll [2010.07.08 22:42:29 | 000,337,920 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmut11.dll [2010.07.08 22:42:29 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx [2010.07.08 22:42:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stdftde.dll [2010.07.08 22:42:28 | 001,009,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mschrt20.ocx [2010.07.08 22:42:28 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX [2010.07.08 22:42:28 | 000,166,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmask32.ocx [2010.07.08 22:42:28 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx [2010.07.08 22:42:28 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.dll [2010.07.08 22:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\M-DVD.Org V2 [2010.07.08 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AUC [2010.07.07 16:05:32 | 000,014,904 | ---- | C] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys [2010.07.01 14:00:37 | 000,000,000 | 
---D | C] -- C:\Users\***\AppData\Roaming\Broad Intelligence ========== Files - Modified Within 30 Days ========== [2010.07.16 17:59:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.16 17:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.16 17:58:58 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys [2010.07.16 17:58:09 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.07.16 17:57:59 | 006,093,368 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.07.16 16:38:19 | 002,278,190 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.16 16:38:19 | 000,621,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.16 16:38:19 | 000,008,816 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.16 16:03:31 | 000,000,668 | ---- | M] () -- C:\Users\***\Desktop\Waldmeister Sause Winteredition (Gratisversion).lnk [2010.07.16 15:56:56 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.16 15:56:56 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.15 11:53:05 | 000,023,612 | ---- | M] () -- C:\Users\***\Desktop\cab_banane.jpg [2010.07.15 11:26:42 | 000,303,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.15 11:03:10 | 000,000,662 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.14 17:08:43 | 000,023,687 | ---- | M] () -- C:\Windows\hpqins15.dat [2010.07.13 10:44:41 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.07.12 22:45:56 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ABC Amber SeaMonkey Converter.lnk [2010.07.11 15:09:51 | 000,000,673 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk [2010.07.09 16:07:07 | 000,000,218 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2010.07.09 00:02:10 | 000,032,603 | ---- | M] () -- 
C:\Users\***\Desktop\griffith_list.xml [2010.07.09 00:01:59 | 000,013,876 | ---- | M] () -- C:\Users\***\Desktop\page_1.htm [2010.07.09 00:01:59 | 000,001,799 | ---- | M] () -- C:\Users\***\Desktop\gray.css [2010.07.09 00:00:52 | 000,004,239 | ---- | M] () -- C:\Users\***\Desktop\griffith_simple_list.pdf [2010.07.08 23:11:23 | 000,000,630 | ---- | M] () -- C:\Users\***\Desktop\Griffith.lnk [2010.07.08 23:00:50 | 002,064,384 | ---- | M] () -- e:\Documents\M-DVD_Org.db [2010.07.08 22:42:36 | 000,000,743 | ---- | M] () -- C:\Users\***\Desktop\M-DVD.Org V2.lnk [2010.07.08 20:18:43 | 000,000,678 | ---- | M] () -- C:\Users\***\Desktop\Magic MP3 Tagger.lnk [2010.07.08 13:35:44 | 000,000,036 | ---- | M] () -- C:\Users\***\.33a11c88 [2010.07.07 16:05:32 | 000,014,904 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys [2010.06.30 18:04:43 | 000,029,520 | ---- | M] () -- e:\Documents\Gmail - ***.mht ========== Files Created - No Company Name ========== [2010.07.16 16:03:31 | 000,000,668 | ---- | C] () -- C:\Users\***\Desktop\Waldmeister Sause Winteredition (Gratisversion).lnk [2010.07.15 11:53:05 | 000,023,612 | ---- | C] () -- C:\Users\***\Desktop\cab_banane.jpg [2010.07.15 11:03:10 | 000,000,662 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.14 17:08:11 | 000,023,687 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.07.13 10:44:41 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.07.12 22:45:56 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ABC Amber SeaMonkey Converter.lnk [2010.07.12 21:18:13 | 000,000,000 | R--- | C] () -- C:\Users\***\AppData\Roaming\IIF1i.txt [2010.07.11 15:09:51 | 000,000,673 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk [2010.07.09 16:07:07 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.07.09 14:33:27 | 000,029,520 | ---- | C] () -- e:\Documents\Gmail - ***.mht [2010.07.09 00:02:10 | 000,032,603 | ---- | C] () -- 
C:\Users\***\Desktop\griffith_list.xml [2010.07.09 00:01:59 | 000,013,876 | ---- | C] () -- C:\Users\***\Desktop\page_1.htm [2010.07.09 00:01:59 | 000,001,799 | ---- | C] () -- C:\Users\***\Desktop\gray.css [2010.07.09 00:00:52 | 000,004,239 | ---- | C] () -- C:\Users\***\Desktop\griffith_simple_list.pdf [2010.07.08 23:11:23 | 000,000,630 | ---- | C] () -- C:\Users\***\Desktop\Griffith.lnk [2010.07.08 22:52:40 | 002,064,384 | ---- | C] () -- e:\Documents\M-DVD_Org.db [2010.07.08 22:42:36 | 000,000,743 | ---- | C] () -- C:\Users\***\Desktop\M-DVD.Org V2.lnk [2010.07.08 22:42:34 | 000,675,840 | ---- | C] () -- C:\Windows\System32\AudioGenie2.ocx [2010.07.08 22:42:30 | 001,161,492 | ---- | C] () -- C:\Windows\System32\cmLL1100.chm [2010.07.08 22:42:30 | 000,425,984 | ---- | C] () -- C:\Windows\System32\cmmx0100.lng [2010.07.08 20:18:43 | 000,000,678 | ---- | C] () -- C:\Users\***\Desktop\Magic MP3 Tagger.lnk [2010.07.08 13:35:44 | 000,000,036 | ---- | C] () -- C:\Users\***\.33a11c88 [2010.04.05 17:32:41 | 000,000,295 | ---- | C] () -- C:\Windows\lgfwup.ini [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:D4BB0AD6 @Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:35A81752 @Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:B1FBA7E1 @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:66AA0486 @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:ED2998F5 < End of report > LG |
19.07.2010, 21:40 #4
/// Winkelfunktion /// TB-Süch-Tiger™ | syscron.exe - infected files removed, delete now? Fairly unremarkable; best run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post log files in CODE tags
20.07.2010, 11:00 #5
syscron.exe - infected files removed, delete now? Hi there. Phew... "syscron.exe" is gone now, and so is the virus warning after system start *yay*. Here is the ComboFix log: Code:
ATTFilter ComboFix 10-07-19.02 - *** 20.07.2010 11:44:28.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.41.1031.18.3327.2406 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe c:\windows\system32\VB6KO.DLL c:\windows\system32\zip32.dll I:\Autorun.inf . ((((((((((((((((((((((( Dateien erstellt von 2010-06-20 bis 2010-07-20 )))))))))))))))))))))))))))))) . 2010-07-20 09:49 . 2010-07-20 09:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-16 15:01 . 2010-07-16 15:02 -------- d-----w- c:\users\***\AppData\Local\Microsoft Games 2010-07-16 14:36 . 2010-07-16 14:36 -------- d-----w- c:\program files\Microsoft.NET 2010-07-16 14:08 . 2010-07-16 14:08 -------- d-----w- c:\program files\Vertrix 2 2010-07-15 10:11 . 2010-07-15 10:11 -------- d-----w- C:\rsit 2010-07-15 10:11 . 2010-07-15 10:11 -------- d-----w- c:\program files\trend micro 2010-07-15 09:03 . 2010-07-15 09:03 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2010-07-15 09:03 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-15 09:03 . 2010-07-15 09:03 -------- d-----w- c:\programdata\Malwarebytes 2010-07-15 09:03 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-15 08:47 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-07-15 08:47 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-07-15 08:47 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-07-15 08:47 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-07-15 08:47 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-07-15 08:40 . 
2010-07-15 08:40 -------- d-----w- c:\users\***\AppData\Roaming\Intel Corporation 2010-07-14 15:10 . 2010-07-14 15:10 -------- d-----w- C:\Intel 2010-07-14 15:10 . 2010-07-14 15:10 -------- d-----w- c:\program files\Intel 2010-07-14 15:10 . 2010-07-14 15:10 -------- d-----w- c:\users\***\AppData\Roaming\InstallShield 2010-07-14 15:09 . 2010-07-14 15:09 -------- d-----w- c:\users\***\AppData\Roaming\WinBatch 2010-07-14 15:08 . 2010-07-14 15:08 23687 ----a-w- c:\windows\hpqins15.dat 2010-07-08 21:34 . 2010-07-08 22:02 -------- d-----w- c:\users\***\AppData\Roaming\gtk-2.0 2010-07-08 21:11 . 2010-07-09 19:51 -------- d-----w- c:\users\***\AppData\Roaming\griffith 2010-07-08 18:16 . 2010-07-09 13:05 -------- d-----w- c:\users\***\AppData\Roaming\AUC 2010-07-08 17:38 . 2009-05-26 16:43 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe 2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys 2010-07-01 12:00 . 2010-07-01 12:00 -------- d-----w- c:\users\***\AppData\Roaming\Broad Intelligence . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-16 14:38 . 2009-07-14 08:47 621350 ----a-w- c:\windows\system32\perfc007.dat 2010-07-16 14:38 . 2009-07-14 08:47 2278190 ----a-w- c:\windows\system32\perfh007.dat 2010-07-14 15:13 . 2010-03-05 15:58 -------- d-----w- c:\users\***\AppData\Roaming\HpUpdate 2010-07-14 15:10 . 2010-04-05 15:29 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-14 15:09 . 2010-03-05 15:58 -------- d-----w- c:\program files\Hp 2010-07-13 21:12 . 2010-04-06 09:44 -------- d-----w- c:\users\***\AppData\Roaming\vlc 2010-07-13 20:27 . 2010-01-23 18:53 1 ----a-w- c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-07-12 18:45 . 2010-01-23 14:07 -------- d-----w- c:\users\***\AppData\Roaming\dvdcss 2010-07-08 20:42 . 
2010-07-08 20:42 -------- d-----w- c:\programdata\M-DVD.Org V2 2010-07-08 12:47 . 2010-03-13 22:11 -------- d-----w- c:\program files\Opera 2010-05-27 07:24 . 2010-07-15 08:44 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-07-15 08:44 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 12:14 . 2010-01-22 17:55 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-21 05:18 . 2010-07-15 08:44 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-09 09:14 . 2010-07-15 08:44 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-05-09 09:14 . 2010-07-15 08:44 417792 ----a-w- c:\windows\system32\msdri.dll 2010-05-01 14:49 . 2010-07-15 08:44 2326528 ----a-w- c:\windows\system32\win32k.sys 2010-04-23 07:13 . 2010-07-15 08:44 2048 ----a-w- c:\windows\system32\tzres.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "VirtualCloneDrive"="c:\virtualclonedrive\VCDDaemon.exe" [2009-01-29 52392] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 13789728] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-28 1501064] " Malwarebytes Anti-Malware (reboot)"="d:\internet\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv R2 AUCAutostartWinService;AUC Helper;d:\sonstiges\AUC\AUC Autostart.exe [2010-05-27 97792] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400] S0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 CLBUDFR;CyberLink UDF Filesystem; [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 TeamViewer4;TeamViewer 4;d:\internet\Team Viewer\TeamViewer_Service.exe [2009-03-23 185640] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328] S3 dc3d;MS Hardware Device 
Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408] S3 netr73;USB-Drahtlos-802.11 b/g-Adaptertreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-07-30 08:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g0dei4ie.default\ FF - plugin: d:\internet\Opera\program\plugins\NPSWF32.dll FF - plugin: d:\multimedia\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: d:\multimedia\VLC Player\npvlc.dll ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-07-20 11:50:27 ComboFix-quarantined-files.txt 2010-07-20 09:50 Vor Suchlauf: 10 Verzeichnis(se), 16'242'094'080 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 16'157'777'920 Bytes frei - - End Of File - - D5BE7C4A6F08C07F33644BABBD7A53F0
And do you have any idea how, or rather from where, I might have picked it up? (I think I'll switch completely back to Linux for browsing after all.....) Many thanks for your efforts and kind regards
21.07.2010, 17:19 #6
/// Winkelfunktion /// TB-Süch-Tiger™ | syscron.exe - infected files removed, delete now? Ok. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't run the 2nd time either, just leave it out and only run OSAM. Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you have to run the remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything the remover.exe outputs.
24.07.2010, 13:30 #7
syscron.exe - infected files removed, delete now? Well, unfortunately there are changes in the MBR (but I haven't done anything further yet...). But first things first. The GMER log: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-07-24 14:12:42 Windows 6.1.7600 Running: lzgp7gun.exe; Driver: C:\Users\***\AppData\Local\Temp\ugrdifoc.sys ---- System - GMER 1.0.15 ---- SSDT 8054ECEC ZwCreateThread SSDT 8054ECD8 ZwOpenProcess SSDT 8054ECDD ZwOpenThread SSDT 8054ECE7 ZwTerminateProcess INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83041AF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83041104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830413F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302A2D8 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83029898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830411DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83041958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830416F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83041F2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830421A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C5A599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 34C 82C8685C 4 Bytes [EC, EC, 54, 80] .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82C869F8 4 Bytes [D8, EC, 54, 80] .text ntkrnlpa.exe!RtlSidHashLookup + 508 82C86A18 4 Bytes JMP D7B5479F .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82C86CC8 4 Bytes [E7, EC, 54, 80] .text peauth.sys A181CC9D 28 Bytes [4F, 22, CE, 95, 6A, D6, 09, ...] .text peauth.sys A181CCC1 28 Bytes [4F, 22, CE, 95, 6A, D6, 09, ...] PAGE peauth.sys A1822E20 101 Bytes [A4, F0, 9F, C8, 9D, 08, 94, ...] PAGE peauth.sys A182302C 102 Bytes [07, F5, A5, 14, BE, 26, 27, ...] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D02494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CE5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CE56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D0250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CF8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CF4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CF50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CF51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73CF66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CF82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CF8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CF907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CFE21D] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73CF4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume12 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume13 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume14 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume15 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer 
DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:4180] A209FF2E ---- EOF - GMER 1.0.15 ----
The OSAM log: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:19:05 on 24.07.2010 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Opera Software Opera Internet Browser 10.60 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found) "CrystalSysInfo" (CrystalSysInfo) - ? - D:\Multimedia\MediaCoder iPod Edition\SysInfo.sys (File found, but it contains no detailed information) "CyberLink InstantBurn UDF Reader Help Driver" (CLBStor) - "Cyberlink Co.,Ltd." - C:\Windows\system32\drivers\CLBStor.sys "CyberLink UDF Filesystem" (CLBUDFR) - "CyberLink Corporation." - C:\Windows\system32\drivers\CLBUDFR.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "ugrdifoc" (ugrdifoc) - ? 
- C:\Users\***\AppData\Local\Temp\ugrdifoc.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll {124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll {ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll {111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll {1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll {A2569D1F-4E06-43EC-9825-0088B471BE47} 
"IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll {97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Multimedia\iTunes\iTunesMiniPlayer.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\VirtualCloneDrive\ElbyVCDShell.dll {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? 
- C:\Program Files\WinRAR\rarext.dll {20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." 
- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" "itype" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliType Pro\itype.exe" " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Internet\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\VirtualCloneDrive\VCDDaemon.exe" /s [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "AUC Helper" (AUCAutostartWinService) - ? - D:\Sonstiges\AUC\AUC Autostart.exe (File found, but it contains no detailed information) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." 
- C:\Program Files\Bonjour\mDNSResponder.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NMSAccessU" (NMSAccessU) - ? - D:\Sonstiges\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - D:\Internet\Team Viewer\TeamViewer_Service.exe "TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Should I do anything special now? Regards |
26.07.2010, 14:45 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First of all, if not already done, please copy the file remover.exe (from BootkitRemover) from the desktop to c:\windows\system32! Then open the console via Start, Run, type cmd, OK. Type the text in the following code field and execute it with Enter/Return: Code:
remover.exe dump \\.\PhysicalDrive0 c:\mbr.dat
__________________ Please always post logfiles in CODE tags |
27.07.2010, 11:47 | #9 |
| Many thanks for the quick and competent responses! The MBR.dat is now uploaded! Regards |
27.07.2010, 13:29 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now start the console again via Start, Run, type cmd, OK. Type the text in the following code field and execute it with Enter/Return: Code:
remover.exe fix \\.\PhysicalDrive0
__________________ Please always post logfiles in CODE tags |
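Before a fix step overwrites the boot sector, a practitioner would want to know what the dumped sector from the step above actually contains. As an added example (not part of this thread and not BootkitRemover's own code), here is a Python parser for a 512-byte MBR dump such as c:\mbr.dat: it checks the 0x55AA boot signature, lists the partition table and guesses the boot code from well-known strings, so an MBR holding GRUB rather than the Windows loader (the dual-boot case that surfaces later in this thread) stands out before a tool replaces it. The marker strings and the sample sector are assumptions constructed inline.

```python
import struct

SECTOR = 512
# Heuristic: strings found in well-known MBR boot code (assumption, used as a
# hint only; "unknown" is what a bootkit or an unusual loader would yield).
BOOTCODE_MARKERS = [
    (b"Invalid partition table", "Windows NT-style MBR"),
    (b"GRUB ", "GRUB boot.img"),
]

def parse_partitions(mbr):
    """Read the four 16-byte primary entries of the partition table at 0x1BE."""
    parts = []
    for i in range(4):
        entry = mbr[0x1BE + 16 * i:0x1BE + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0:          # partition type 0 = empty slot
            continue
        parts.append({"index": i, "bootable": entry[0] == 0x80, "type": entry[4],
                      "lba_start": lba_start, "sectors": sectors})
    return parts

def analyse_mbr(mbr):
    """Sanity-check one raw 512-byte MBR sector (e.g. the contents of c:\\mbr.dat)."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    code = mbr[:0x1B8]            # boot code ends where the disk signature starts
    loader = next((n for m, n in BOOTCODE_MARKERS if m in code), "unknown boot code")
    parts = parse_partitions(mbr)
    warnings = []
    if mbr[510:512] != b"\x55\xAA":
        warnings.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in parts) != 1:
        warnings.append("expected exactly one active partition")
    if loader == "unknown boot code":
        warnings.append("unrecognised boot code: compare with a known-good MBR "
                        "before letting a tool overwrite it")
    return {"signature_ok": mbr[510:512] == b"\x55\xAA", "bootloader": loader,
            "partitions": parts, "warnings": warnings}

def build_sample_mbr(code_strings=b"GRUB \x00Geom\x00Hard Disk\x00Read\x00 Error"):
    """Constructed sample (not a real dump): GRUB-style strings, one active NTFS part."""
    code = (b"\xeb\x63\x90" + code_strings).ljust(0x1B8, b"\x00")
    disk_sig = b"\x12\x34\x56\x78\x00\x00"   # 4-byte disk signature + 2 reserved bytes
    part0 = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    return code + disk_sig + part0 + bytes(48) + b"\x55\xAA"

SAMPLE_MBR = build_sample_mbr()
```

For a real dump, pass `open(r"c:\mbr.dat", "rb").read()` to `analyse_mbr` and read the warnings before running any fix.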
27.07.2010, 15:05 | #11 |
| OK, done... GRUB is wrecked *grin*, the MBR had to be repaired again by Windows, now I first have to reinstall GRUB... I wanted to set up the system fresh anyway, but first I urgently wanted to find out what kind of beast I had caught and how to get rid of it again. Do I need to scan anything again now, or is it really gone? And as I said: is anything more known yet about where it comes from and what the virus is called "per se"? Many thanks and kind regards |
27.07.2010, 15:21 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Oh, you have Linux on it as well, so of course the MBR is different Quote:
__________________ Please always post logfiles in CODE tags |
27.07.2010, 15:31 | #13 | |
| Quote:
Do you need anything else for the analysis and so on? Or can we assume that the virus is gone now? I don't want to mess everything up now with a reinstall of GRUB. Last edited by TroBaz (27.07.2010 at 15:39) |
27.07.2010, 15:39 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
27.07.2010, 17:26 | #15 |
| Damn... there's something again... Here are the logs: Malwarebytes Code:
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4357 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 27.07.2010 17:43:52 mbam-log-2010-07-27 (17-43-52).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Durchsuchte Objekte: 302593 Laufzeit: 52 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\***\AppData\Roaming\usernt.dat (Malware.Trace) -> No action taken.
and here the "clean" SUPERAntiSpyware log: Code:
SUPERAntiSpyware Scann-Protokoll hxxp://www.superantispyware.com Generiert 07/27/2010 bei 06:20 PM Version der Applikation : 4.41.1000 Version der Kern-Datenbank : 5272 Version der Spur-Datenbank : 3084 Scan Art : kompletter Scann Totale Scann-Zeit : 00:33:43 Gescannte Speicherelemente : 316 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 8018 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 38139 Erfasste Datei-Elemente : 0 |