Virus infection of explorer.exe with TR/Spy.2614272.6 and wininit.exe with TR.Spy.96256.37 (Windows 7)
02.11.2010, 20:43 | #1
Hello, I am a newbie and urgently need help! My problem: I switched on my computer this morning and the thing would not stop beeping! The virus scanner AntiVir (with up-to-date data) found the virus TR/Spy.2614272.6 in c:/windows/explorer.exe and TR/Spy.96256.37 in c:/windows/System32/wininit.exe. I confirmed the suggested action "Deny access to file", and since then nothing works any more! The screen is black! I can open the Task Manager, but I can no longer start Explorer via New Task. Until now it at least worked in Safe Mode, and there I could find everything. By now the screen is black in Safe Mode too. I then spent the whole day searching the Internet and tried various programs:
- Spybot
- Trojan Remover 6.8.2.0
- windows-kb890830-v3.12
Nothing worked! The virus was found several times and also removed (!!??), but that changed nothing!
I then created a memory dump with OTL as follows:

OTL logfile created on: 02.11.2010 20:26:16 - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = H:\
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 133,14 Gb Free Space | 22,91% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,93 Gb Free Space | 19,54% Space Free | Partition Type: FAT32
Drive G: | 298,02 Gb Total Space | 98,01 Gb Free Space | 32,89% Space Free | Partition Type: FAT32
Drive H: | 14,90 Gb Total Space | 14,76 Gb Free Space | 99,05% Space Free | Partition Type: FAT32
Drive K: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,14% Space Free | Partition Type: FAT32
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.10.31 20:04:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2010.09.19 17:49:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.06.24 14:11:33 | 002,450,696 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2010.05.14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010.04.02 15:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Programme\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.12.25 09:51:59 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.12.25 09:51:59 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.10.12 10:46:34 | 000,087,336 | ---- | M] (Nero AG) -- C:\Programme\Motorola Media Link\NServiceEntry.exe
PRC - [2009.10.07 14:27:44 | 000,376,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Home Server\WHSConnector.exe
PRC - [2009.10.07 14:27:44 | 000,097,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Home Server\esClient.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:45 | 000,096,256 | ---- | M] () -- C:\Windows\System32\wininit.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.07.25 05:48:38 | 000,062,912 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAC4RPK.EXE
PRC - [2008.07.14 05:09:28 | 000,073,464 | ---- | M] (COMODO) -- C:\Programme\Comodo\CBOClean\BOCore.exe

========== Modules (SafeList) ==========

MOD - [2010.10.31 20:04:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.06.24 14:11:33 | 002,450,696 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.06.02 20:01:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.25 09:51:59 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.12.25 09:51:59 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.15 21:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.11.27 16:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.10.12 10:46:34 | 000,087,336 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2009.10.07 14:28:24 | 000,239,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2009.10.07 14:27:44 | 000,376,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2009.10.07 14:27:44 | 000,097,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.07.14 05:09:28 | 000,073,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\Comodo\CBOClean\BOCore.exe -- (BOCore)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nvmf6232.sys -- (NVNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.04.03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.04.01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.12 16:42:42 | 000,844,064 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2010.01.28 15:25:03 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.01.25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009.12.25 09:51:59 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.12.25 09:51:59 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.25 09:51:59 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.12.12 17:58:19 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.12 22:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009.10.27 11:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009.08.09 22:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.28 23:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.19 15:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2009.04.22 12:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.08 21:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2009.01.29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.11.02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.10.24 10:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2007.05.29 11:23:58 | 000,094,208 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camfilt2.sys -- (camfilt2)
DRV - [2007.04.17 15:14:10 | 000,015,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Comodo\CBOClean\BOCDRIVE.SYS -- (BOCDRIVE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kaerntner-haus.at/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google und Download-Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.85
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.1.1
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.01 09:54:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.16 09:45:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010.09.16 09:45:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.09.16 13:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.02 16:08:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.02 16:08:30 | 000,000,000 | ---D | M]

[2009.11.20 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.10.01 08:01:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\sz@mast.er
[2010.11.02 10:07:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zqgxbm7p.default\extensions
[2010.08.27 09:06:44 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zqgxbm7p.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.07.06 13:35:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zqgxbm7p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.27 09:06:45 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zqgxbm7p.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010.07.06 13:35:50 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zqgxbm7p.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.08.27 09:06:45 | 000,000,000 | ---D | M] (Hotspot Shield Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zqgxbm7p.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2010.04.10 12:38:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zqgxbm7p.default\extensions\DTToolbar@toolbarnet.com
[2009.07.01 14:20:48 | 000,000,890 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\zqgxbm7p.default\searchplugins\conduit.xml
[2009.10.01 07:11:21 | 000,002,399 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\zqgxbm7p.default\searchplugins\daemon-search.xml
[2009.10.29 10:05:08 | 000,002,280 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\zqgxbm7p.default\searchplugins\winload.xml
[2009.12.12 12:55:21 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.19 17:49:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.19 17:49:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.19 17:49:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.19 17:49:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.19 17:49:31 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\System32\bgstb.dll (Broadgun Software) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.) 
O4 - HKLM..\Run: [BOC-427] C:\Programme\Comodo\CBOClean\BOC427.EXE (COMODO) O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKLM..\RunOnce: [Trojan Remover] C:\Program Files\Trojan Remover\RMVTRJAN.EXE (Simply Super Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\Biet-O-Matic\\\\AddToBOM.hta () O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft 
Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows 
Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.04.14 22:54:30 | 000,000,166 | ---- | M] () - H:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{57ab39f5-e740-11de-8cb7-40618601bdc0}\Shell - "" = AutoRun O33 - MountPoints2\{57ab39f5-e740-11de-8cb7-40618601bdc0}\Shell\AutoRun\command - "" = I:\INTRO.EXE -- File not found O33 - MountPoints2\{ce499221-1c8b-11df-a323-40618601bdc0}\Shell - "" = AutoRun O33 - MountPoints2\{ce499221-1c8b-11df-a323-40618601bdc0}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.02 19:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.11.02 19:51:24 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager 
[2010.11.02 19:31:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software [2010.11.02 19:31:16 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2010.11.02 19:31:14 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2010.11.02 19:31:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Simply Super Software [2010.11.02 19:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2010.11.02 18:23:25 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.11.02 18:23:25 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.11.02 18:23:25 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.11.02 18:23:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.11.02 18:23:22 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2010.11.02 09:49:12 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.11.02 09:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.10.26 13:44:18 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2010.10.14 07:34:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.14 07:34:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.14 07:34:55 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.14 07:34:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.14 07:34:55 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.14 07:34:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.14 07:34:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ieui.dll [2010.10.14 07:34:55 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.14 07:34:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.14 07:34:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.14 07:34:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.14 07:34:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.14 07:34:39 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.14 07:34:39 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.14 07:34:27 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.14 07:34:23 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.14 07:34:14 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.14 07:34:12 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll [2010.10.04 08:52:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sync App Settings [2010.10.04 08:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sync App Settings [2010.10.04 08:49:42 | 000,000,000 | ---D | C] -- C:\Programme\Allway Sync [2010.10.04 08:48:49 | 006,151,864 | ---- | C] (Botkind Inc ) -- C:\Users\***\Desktop\allwaysync-10-2-3.exe [2010.04.05 15:53:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys [2008.08.21 10:46:20 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007.07.04 14:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.02 20:11:59 | 
000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.02 20:11:59 | 000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.02 20:09:04 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.02 20:09:04 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.02 20:09:04 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.02 20:09:04 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.02 20:05:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.02 20:03:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.02 20:03:40 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys [2010.11.02 18:27:22 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.10.25 07:21:36 | 000,212,992 | ---- | M] () -- C:\Users\***\Documents\***.doc [2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.19 11:25:13 | 000,031,666 | ---- | M] () -- C:\Users\***\Desktop\todo *** 082010 a.docx [2010.10.18 09:09:50 | 000,025,280 | ---- | M] () -- C:\Users\***\Desktop\Interessentenliste 082010 Vorlage.xlsx [2010.10.17 13:35:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.15 07:33:01 | 001,780,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.14 07:28:18 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2010.10.13 09:05:00 | 000,140,800 | ---- | M] () -- C:\Users\***\Documents\Aufstellung Käufersummen.xls [2010.10.04 14:12:48 | 001,692,575 | ---- | M] () -- C:\Users\***\Steinbild Kopie.jpg [2010.10.04 14:03:52 | 1140,698,039 | ---- | M] () -- C:\Users\***\Steinbild.psd [2010.10.04 08:49:47 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Allway Sync.lnk 
[2010.10.04 08:49:28 | 006,151,864 | ---- | M] (Botkind Inc ) -- C:\Users\***\Desktop\allwaysync-10-2-3.exe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.02 19:31:16 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.11.02 19:31:16 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2010.11.02 19:31:16 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010.10.04 14:12:46 | 001,692,575 | ---- | C] () -- C:\Users\***\Steinbild Kopie.jpg [2010.10.04 14:01:33 | 1140,698,039 | ---- | C] () -- C:\Users\***\Steinbild.psd [2010.10.04 08:49:47 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Allway Sync.lnk [2010.09.29 17:03:10 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.09.18 18:24:55 | 000,038,477 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.09.18 18:23:51 | 000,038,470 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR [2010.08.12 17:51:35 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2010.07.28 09:11:04 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll [2010.07.16 06:59:23 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.05.23 19:22:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll [2010.05.23 19:22:14 | 000,000,451 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini [2010.05.23 19:22:14 | 000,000,072 | ---- | C] () -- C:\Windows\System32\RaCertMgr.ini [2010.04.05 15:55:10 | 000,000,034 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log [2010.04.05 15:53:07 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe [2010.04.05 15:53:07 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat [2010.04.05 15:53:07 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf [2010.02.19 23:33:23 | 000,006,144 | 
---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.12 18:27:50 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2009.12.12 12:50:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.12 12:31:33 | 000,000,419 | ---- | C] () -- C:\Windows\BOC427.INI [2009.12.08 18:04:32 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.11.24 05:31:31 | 000,004,680 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.10.12 13:22:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.09.28 19:05:45 | 000,074,120 | ---- | C] () -- C:\Windows\System32\bgsresen.dll [2009.09.28 19:05:45 | 000,070,024 | ---- | C] () -- C:\Windows\System32\bgsresfr.dll [2009.09.28 19:05:45 | 000,070,024 | ---- | C] () -- C:\Windows\System32\bgsreses.dll [2009.09.28 19:05:45 | 000,070,024 | ---- | C] () -- C:\Windows\System32\bgsresde.dll [2009.09.28 19:05:44 | 000,057,736 | ---- | C] () -- C:\Windows\System32\bgspmnt.dll [2009.09.28 15:19:28 | 000,000,571 | ---- | C] () -- C:\Windows\System32\FeMakro.ini [2009.09.28 15:19:28 | 000,000,497 | ---- | C] () -- C:\Windows\System32\FeAnim.ini [2009.09.28 11:07:16 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.29 11:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.04.22 12:46:42 | 003,482,112 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.11.17 15:53:01 | 000,401,408 | ---- | C] () -- C:\Windows\System32\StepButtonS.dll [2008.07.29 19:17:46 | 000,491,520 | ---- | C] () -- C:\Windows\System32\mp3lib.dll [2008.07.16 07:59:38 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007.04.27 
09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL ========== LOP Check ========== [2009.12.08 19:08:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ACD Systems [2009.12.13 12:00:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent [2010.07.27 18:01:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM [2010.04.26 21:22:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CompanionLink [2009.11.20 13:07:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2009.12.12 15:24:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2010.07.12 18:41:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot [2010.05.25 10:50:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro [2010.09.29 21:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2009.11.20 13:07:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2010.09.29 17:03:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2009.11.20 13:07:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Medix [2009.11.20 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mllister [2010.11.02 16:08:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\motorola [2010.09.17 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2009.12.22 12:54:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2010.11.02 16:08:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2010.01.01 22:51:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Participatory Culture Foundation [2009.11.20 13:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2009.12.29 23:44:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PPLiveVA 
[2009.11.20 13:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quark
[2010.11.02 19:31:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simply Super Software
[2010.10.04 08:52:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sync App Settings
[2009.11.20 13:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SZMaster
[2009.12.04 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.08.12 17:51:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2009.11.20 13:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.04.05 15:55:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2010.05.12 14:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Home Server
[2010.05.23 11:20:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZiggyTV
[2010.09.06 18:02:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TempFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

And now the virus scanner, which is still running in the background, finds the trojan TR/Spy.2614272.6 in C:\windows\explorer.exe.vir. I can no longer find the file explorer.exe at all... PLEASE HELP!!! and many thanks in advance already! |
03.11.2010, 15:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Has Malwarebytes been run yet?
If so, please post all the logs. |
05.11.2010, 15:51 | #3 |
| Hello, I have now run Malwarebytes and 8 infections were found. Here is the log file:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5050

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.11.2010 15:37:46
mbam-log-2010-11-05 (15-37-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 487437
Laufzeit: 5 Stunde(n), 21 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\SystemRestore\FRStaging\Users\dawkins\AppData\Local\Asredc(271).dll (Trojan.Hiloti) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\dawkins\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANABWATZ\setup[1](275).exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\dawkins\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQ600163\setup[1](278).exe (Trojan.Hiloti) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\dawkins\AppData\Local\Temp\0.7458539712469026(298).exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\dawkins\AppData\Local\Temp\rVzxqvZLrZ(314).exe (Trojan.Hiloti) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\dawkins\AppData\Local\Temp\WINDOWS_SECURITY_CENTER(321).exe (Trojan.Downloader) -> No action taken.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> No action taken.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> No action taken.

I am really waiting for HELP!!!! |
05.11.2010, 16:17 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please always post log files in CODE tags |
05.11.2010, 16:33 | #5 | |
| Quote:
I think only a reinstall makes sense any more... UNLESS SOMEONE CAN OFFER A SOLUTION QUICKLY! Thanks again, Richard |
05.11.2010, 16:41 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You are not supposed to delete those via Explorer! As is usual with every virus scanner, Malwarebytes removes what it has found! |