Log analysis and evaluation: Is my PC infected? (Windows 7)
08.12.2010, 21:45 | #1
Is my PC infected?

Hello community. Yesterday I had a virus, it was TR/FakeAV.AF. I deleted it, in my opinion, but I'm not sure. Now I'd like to get certainty here.

The HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:13, on 08.12.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\ICQ7.1\ICQ.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\program files (x86)\avira\antivir desktop\avscan.exe
C:\Users\Phil\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10077 bytes

Thanks in advance
09.12.2010, 11:30 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Is my PC infected?

Quote:
From the rules:
5. Describe your problem in a few sentences and work through this guide from point 2 onwards.
Please also name any findings from your security software in the thread (e.g. c:\windows\virus.exe).
If this information is missing, nobody here can or will help you.
09.12.2010, 22:44 | #3

Is my PC infected?

So the exact name of the malware was C:\Users\****\AppData\Local\Temp\172287.exe

OTL.txt:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 09.12.2010 23:01:49 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 31,33 Gb Free Space | 52,55% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 95,64 Gb Free Space | 32,08% Space Free | Partition Type: NTFS Drive E: | 596,17 Gb Total Space | 115,20 Gb Free Space | 19,32% Space Free | Partition Type: NTFS Drive M: | 931,51 Gb Total Space | 524,90 Gb Free Space | 56,35% Space Free | Partition Type: NTFS Computer Name: ****-HTPC | User Name: **** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.12.09 22:48:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe PRC - [2010.12.08 21:05:24 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.03 11:01:45 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.03 11:01:45 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.05.27 16:14:11 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.04.15 22:42:22 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.04.15 22:42:18 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.12.21 07:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe ========== Modules (SafeList) ========== MOD - [2010.12.09 22:48:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010.02.14 01:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHookX32.dll MOD - [2010.02.14 01:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll MOD - [2010.01.30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.01.01 07:03:05 | 000,159,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll MOD - [2009.07.14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2009.07.14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll MOD - [2009.07.14 02:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll MOD - [2009.07.14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll MOD - [2009.07.14 02:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IconCodecService.dll MOD - [2009.07.14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll MOD - [2009.07.14 02:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll MOD - [2009.07.14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll MOD - [2009.07.14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll MOD - [2009.06.10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll MOD - [2009.06.10 
22:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:64bit: - [2010.03.03 05:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.01.29 22:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010.12.08 21:05:24 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.03 11:01:45 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.05.27 16:14:11 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.04.15 22:42:22 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.04.15 22:42:18 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.22 14:09:29 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.03.03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.03.03 04:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.01.28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.01.01 09:33:43 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.11.10 12:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.11.10 12:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.10.15 22:39:50 | 000,051,712 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt) DRV:64bit: - [2009.09.18 02:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 06:34:38 | 000,344,592 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MtsBda.sys -- (MTSBDA) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | 
M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008.11.14 01:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 39 6A 65 13 97 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/news" FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..network.proxy.type: 0 FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.29 13:10:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.21 15:57:43 | 000,000,000 | ---D | M] [2010.08.27 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Extensions [2010.08.27 20:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.12.09 20:42:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\3vaxngl1.default\extensions [2010.10.15 13:37:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\3vaxngl1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.01.01 08:50:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\3vaxngl1.default\extensions\allglassv2@ambroos.neowin.net [2010.05.27 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\3vaxngl1.default\extensions\battlefieldheroespatcher@ea.com [2010.05.09 18:51:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.05.09 18:51:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.10.22 13:18:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.22 13:18:17 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.22 13:18:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.22 13:18:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml 
[2010.10.22 13:18:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.09 22:51:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010.12.09 22:49:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.12.09 22:49:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.09 22:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.09 22:49:43 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.09 22:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.09 22:48:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.08 21:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.12.08 17:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.11.20 17:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.11.20 17:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2010.12.09 23:02:11 | 001,525,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.09 23:02:11 | 000,663,604 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.09 23:02:11 | 000,624,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.09 23:02:11 | 000,134,872 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.09 23:02:11 | 000,110,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.09 23:02:06 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.09 23:02:06 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.09 22:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.09 22:56:58 | 3117,010,944 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.09 22:51:55 | 000,000,909 | ---- | M] () -- C:\Users\****\Desktop\ERUNT.lnk
[2010.12.09 22:49:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.22 14:09:29 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.12 18:20:21 | 000,007,605 | ---- | M] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg

========== Files Created - No Company Name ==========

[2010.12.09 22:51:55 | 000,000,909 | ---- | C] () -- C:\Users\****\Desktop\ERUNT.lnk
[2010.12.09 22:49:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.12 18:20:21 | 000,007,605 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.06.03 13:21:58 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010.06.03 13:09:10 | 000,033,134 | ---- | C] () -- C:\Users\****\AppData\Roaming\UserTile.png
[2010.05.29 23:05:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.05.09 18:53:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.01 09:49:31 | 000,000,304 | ---- | C] () -- C:\Windows\game.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010.10.17 17:14:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2010.04.30 22:21:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.10.20 16:38:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HTC
[2010.10.20 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.12.09 20:32:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2010.10.19 12:22:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Jaran Nilsen
[2010.01.01 08:23:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2010.10.17 16:52:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Simfy
[2010.12.06 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2010.06.03 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Teleca
[2010.12.06 20:02:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========

< End of report >

MBAM.log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5282

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.12.2010 22:55:12
mbam-log-2010-12-09 (22-55-09).txt

Scan type: Quick scan
Objects scanned: 151107
Time elapsed: 1 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\AVSuitE (Rogue.AntivirusSuite) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\****\AppData\Local\Temp\tmpF03B.tmp (Rogue.HDDSCan) -> No action taken.

The HijackThis scan again: HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:13, on 08.12.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\ICQ7.1\ICQ.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\program files (x86)\avira\antivir desktop\avscan.exe
C:\Users\Phil\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10077 bytes

Last edited by PinguinofG (09.12.2010 at 23:12). Reason: inserted |
09.12.2010, 22:45 | #4 |
| Is my PC infected? I have inserted all the important logs in the post above this one. Last edited by PinguinofG (09.12.2010 at 23:10) |
10.12.2010, 11:22 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC infected? Quote:
Remember that Malwarebytes must be updated manually before every scan! If there are logs from earlier Malwarebytes scans, please post all of those as well!
__________________ Please always post logfiles in CODE tags |
10.12.2010, 14:38 | #6 |
| Is my PC infected? Here is the full scan:

Malwarebytes' Anti-Malware 1.50
Malwarebytes

Database version: 5286

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.12.2010 14:35:14
mbam-log-2010-12-10 (14-35-14).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 294533
Time elapsed: 14 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\****\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\3FB3ZLKN\1777008576[1].exe (Rogue.HDDSCan) -> Quarantined and deleted successfully. |
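The two Malwarebytes logs in this thread differ in one detail that is easy to miss when skimming: the quick scan in post #3 lists its two detections with "No action taken" (the scan only reported them), while the full scan above ends with "Quarantined and deleted successfully". The following parser is an added example, not Malwarebytes code, that makes that distinction explicit for MBAM 1.50 logs; since MBAM localises its labels, the label map covers the English and the German wording. The two samples are constructed from the detection lines of the thread's quick and full scans, with the masked profile name replaced by the assumed name "user".

```python
"""Read Malwarebytes' Anti-Malware 1.50 logs and separate 'detected' from 'removed'.

Added example for this thread, not Malwarebytes code. The samples below are
constructed from the thread's detection lines; the profile name "user" is assumed.
"""
import re
from dataclasses import dataclass, field

# Constructed: the quick scan as a German-localised MBAM writes it, detections left in place.
SAMPLE_QUICK = r"""Malwarebytes' Anti-Malware 1.50
Datenbank Version: 5282
Art des Suchlaufs: Quick-Scan
Infizierte Registrierungsschlüssel: 1
Infizierte Dateien: 1

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\AVSuitE (Rogue.AntivirusSuite) -> No action taken.

Infizierte Dateien:
c:\Users\user\AppData\Local\Temp\tmpF03B.tmp (Rogue.HDDSCan) -> No action taken.
"""

# Constructed: the full scan with English labels, detection quarantined.
SAMPLE_FULL = r"""Malwarebytes' Anti-Malware 1.50
Database version: 5286
Scan type: Full scan (C:\|D:\|E:\|)
Files Infected: 1

Files Infected:
c:\Users\user\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\3FB3ZLKN\1777008576[1].exe (Rogue.HDDSCan) -> Quarantined and deleted successfully.
"""

LABELS = {  # report field -> (English label, German label)
    "db_version": ("Database version", "Datenbank Version"),
    "scan_type": ("Scan type", "Art des Suchlaufs"),
}
# "<item> (<family>) -> <action>."  The item may itself contain parentheses
# ("Program Files (x86)"), so the family is the last parenthesised group before "->".
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
REMOVED_PREFIXES = ("Quarantined", "Delete on reboot")


@dataclass
class Detection:
    item: str
    family: str
    action: str

    @property
    def removed(self) -> bool:
        return self.action.startswith(REMOVED_PREFIXES)


@dataclass
class Report:
    db_version: str = ""
    scan_type: str = ""
    detections: list[Detection] = field(default_factory=list)


def parse_mbam(text: str) -> Report:
    """Pull the header fields and every detection line out of an MBAM 1.50 log."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for attr, labels in LABELS.items():
            for label in labels:
                if line.startswith(label + ":"):
                    setattr(rep, attr, line.split(":", 1)[1].strip())
        m = DETECTION_RE.match(line)
        if m:
            rep.detections.append(Detection(m["item"], m["family"], m["action"]))
    return rep


def pending(rep: Report) -> list[Detection]:
    """Detections the scan only reported but did not remove."""
    return [d for d in rep.detections if not d.removed]


def verdict(rep: Report) -> str:
    if not rep.detections:
        return f"no detections (database {rep.db_version})"
    left = pending(rep)
    if left:
        families = ", ".join(d.family for d in left)
        return f"{len(left)} of {len(rep.detections)} detection(s) still in place: {families}"
    return f"all {len(rep.detections)} detection(s) quarantined"


if __name__ == "__main__":
    for name, text in (("quick", SAMPLE_QUICK), ("full", SAMPLE_FULL)):
        print(name, "->", verdict(parse_mbam(text)))
```

The check a helper actually wants is `pending()`: a log whose summary counts are non-zero but whose entries read "No action taken" is a scan result, not a cleanup, and the machine is in the same state as before the scan.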
10.12.2010, 19:21 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC infected? Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
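What the helper fixes here is the one line in the HijackThis log of post #3 that points at an infection rather than at installed software: `R1 - HKCU\...\Internet Settings,ProxyServer = http=127.0.0.1:5577`, which routes Internet Explorer through a listener on the machine itself. The script below is an added example, not code from HijackThis, OTL or the helper, that applies that reading to a log mechanically: it flags a loopback proxy, autoruns and processes living in a Temp directory, and services without publisher information, and it emits the proxy fix in the exact form the helper pasted into OTL. It also marks the many "(file missing)" O23 lines for services under system32 as noise: HijackThis 2.0.2 is a 32-bit program, so on 64-bit Windows file-system redirection sends it to SysWOW64 and the native services look absent, which is why the OTL log lists the same files under SysNative. The sample log is constructed in the line shapes the posted log uses; the proxy value is the one cleared above, while the profile name "user", the autorun "example_rogue" and the severity labels are assumptions made for the example.

```python
"""Triage a HijackThis 2.0.2 log and derive the OTL proxy fix from it.

Added example for this thread, not code from HijackThis, OTL, Trend Micro or
the helper. SAMPLE_LOG is constructed in the line shapes the posted log uses;
the profile name "user" and the autorun "example_rogue" are invented.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample: one entry per line shape that the triage rules look at.
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\user\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [example_rogue] C:\Users\user\AppData\Local\Temp\example.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


@dataclass
class Finding:
    section: str   # "R0"/"R1", "O4", "O23" or "process"
    severity: str  # "fix", "review" or "noise"
    reason: str
    line: str


PROXY_RE = re.compile(r"^R[01] - (?P<key>HK\w+\\.*?),ProxyServer = (?P<value>.*)$")
O4_RE = re.compile(r"^O4 - \S+\\Run: \[[^\]]+\] (?P<cmd>.*)$")
IMAGE_PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a 'Running processes:' entry
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\Windows\\system32\\", re.IGNORECASE)
MISSING = " (file miss" + "ing)"  # HijackThis suffix, split only to keep the line short


def _is_loopback(hostport: str) -> bool:
    """True for 127.0.0.0/8, ::1 and 'localhost', i.e. a proxy on this very machine."""
    host = hostport.rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def _proxy_targets(value: str) -> list[str]:
    """'http=127.0.0.1:5577;https=...' or a bare 'host:port' -> list of host:port."""
    return [e.split("=", 1)[-1].strip() for e in value.split(";") if e.strip()]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if IMAGE_PATH_RE.match(line):
            if TEMP_RE.search(line):
                findings.append(Finding("process", "review",
                    "image runs from a Temp directory (TeamViewer QuickSupport does this legitimately, droppers do too)", line))
            continue
        m = PROXY_RE.match(line)
        if m:
            if any(_is_loopback(t) for t in _proxy_targets(m["value"])):
                findings.append(Finding(line[:2], "fix",
                    "IE is routed through a listener on this machine, the way rogue AV and adware intercept browsing", line))
            else:
                findings.append(Finding(line[:2], "review", "explicit proxy configured", line))
            continue
        m = O4_RE.match(line)
        if m:
            if TEMP_RE.search(m["cmd"]):
                findings.append(Finding("O4", "fix",
                    "autorun starts from a Temp directory; legitimate software does not persist there", line))
            continue
        if line.startswith("O23 - Service: "):
            parts = line.rsplit(" - ", 2)  # "<name> - <owner> - <image>"
            if len(parts) != 3:
                continue
            _, owner, path = parts
            missing = path.endswith(MISSING)
            image = path[:-len(MISSING)] if missing else path
            if missing and SYSTEM32_RE.search(image):
                findings.append(Finding("O23", "noise",
                    "32-bit HijackThis on 64-bit Windows is redirected to SysWOW64, so native system32 services show as missing", line))
            elif owner == "Unknown owner":
                findings.append(Finding("O23", "review", "service without publisher information", line))
    return findings


def otl_proxy_fix(findings: list[Finding]) -> str:
    """Write the fix in the form the helper pasted into OTL's Custom Scan/Fixes box."""
    lines = [":OTL"]
    for f in findings:
        if f.section in ("R0", "R1") and f.severity == "fix":
            key, value = f.line.split(",ProxyServer = ", 1)
            key = key.split(" - ", 1)[1]  # drop the "R1 - " prefix
            lines.append(f'IE - {key}: "ProxyEnable" = 0')
            lines.append(f'IE - {key}: "ProxyServer" = {value}')
    lines += [":Commands", "[purity]", "[resethosts]", "[emptytemp]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.severity:6} {f.section:7} {f.reason}\n       {f.line}")
    print(otl_proxy_fix(found))
```

Two caveats on the rules: a loopback proxy is only a "fix" on a home machine where nobody installed one deliberately (corporate filters and debugging proxies listen on 127.0.0.1 as well), and a Temp-resident process is flagged for review rather than for removal because TeamViewer QuickSupport, visible in the posted log, legitimately runs from exactly that location. The OTL fix the function produces is character for character what the helper posted, so the two IE lines in the fix can be checked against the log line they come from.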
10.12.2010, 19:48 | #8 |
| Is my PC infected?

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ****
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4313812 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11857265 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32835 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12102010_194521

Files\Folders moved on Reboot...
File\Folder C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot... |
10.12.2010, 20:18 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC infected? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
10.12.2010, 20:50 | #10 |
| Is my PC infected? ComboFix logfile: Code:
ComboFix 10-12-09.04 - Phil 10.12.2010 20:44:17.1.4
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3963.2672 [GMT 1:00]
Running from:: c:\users\Phil\Downloads\cofi.exe.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_monitor


((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 ))))))))))))))))))))))))))))))
.

2010-12-10 19:46 . 2010-12-10 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 18:42 . 2010-12-10 18:42 -------- d-----w- C:\_OTL
2010-12-10 14:39 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B61A3A58-B8E4-41F0-B41E-D0D72206BF66}\mpengine.dll
2010-12-10 13:13 . 2010-12-10 13:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-09 21:49 . 2010-12-09 21:49 -------- d-----w- c:\users\Phil\AppData\Roaming\Malwarebytes
2010-12-09 21:49 . 2010-12-09 21:49 -------- d-----w- c:\programdata\Malwarebytes
2010-12-09 21:49 . 2010-11-29 16:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 20:24 . 2010-12-08 20:24 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-08 16:11 . 2010-12-08 16:40 -------- d-----w- c:\program files\DIFX
2010-12-08 16:10 . 2009-10-15 21:39 51712 ----a-w- c:\windows\system32\drivers\applebmt.sys
2010-12-08 16:10 . 2009-10-15 21:39 1919968 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2010-11-24 15:10 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 15:10 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-20 16:46 . 2010-11-20 16:47 -------- d-----w- c:\program files\iTunes
2010-11-20 16:46 . 2010-11-20 16:46 -------- d-----w- c:\program files\iPod
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 13:09 . 2010-01-01 06:04 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-04 19:39 . 2010-01-01 07:23 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-10-19 09:41 . 2010-01-01 07:35 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 14:44 . 2010-09-28 14:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2010-09-28 14:44 . 2010-09-28 14:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.

(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 294912]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-4-27 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-01 834544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
S3 applebmt;Apple Wireless Mouse;c:\windows\system32\DRIVERS\applebmt.sys [2009-10-15 51712]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 MTSBDA;TechniSat SkyStar HD2;c:\windows\system32\Drivers\MtsBda.sys [2009-07-13 344592]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi.exe\CF19615.cfxxe" [X]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\3vaxngl1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/news
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\3vaxngl1.default\extensions\allglassv2@ambroos.neowin.net\components\dwmxpcom.dll
FF - plugin: c:\progra~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: All-Glass Firefox mod, based on Glasser: allglassv2@ambroos.neowin.net - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\3vaxngl1.default\extensions\allglassv2@ambroos.neowin.net
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\3vaxngl1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - Orphans Removed - - - -

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_heroes.exe
.
--------------------- Locked Registry Keys ---------------------

[HKEY_USERS\S-1-5-21-2357809656-2649853414-1228400778-1000\Software\SecuROM\License information*]
"datasecu"=hex:23,df,78,23,cc,e1,7d,26,bb,9b,2b,f8,3c,b6,37,b1,f6,fc,0b,31,d0,
 fd,d5,c5,3b,73,16,1b,86,8e,07,8c,32,d2,cd,89,13,55,03,2d,ce,cc,4e,e3,fc,fd,\
"rkeysecu"=hex:31,f7,f7,71,40,0f,21,e0,70,43,73,5d,dd,95,f7,9f

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-12-10 20:49:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-12-10 19:49
Vor Suchlauf: 34.681.053.184 bytes free
Nach Suchlauf: 34.110.832.640 bytes free
- - End Of File - - 6C8D8167D550ABB21DB56FFA91605259
Last edited by PinguinofG (10.12.2010 at 20:57) |
10.12.2010, 21:05 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC infected? Ok. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, simply leave it out and run only OSAM - please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
10.12.2010, 22:08 | #12 |
| Is my PC infected? I can't post the GMER log because the program doesn't work. But I can't post the OSAM log either, because the Save Log button apparently doesn't work; no window opens. I have, however, picked out the red-marked entries and will post them here:
C:\Windows\system32\drivers\arb0jdpf.sys
C:\Windows\System32\Drivers\sptd.sys
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: H57M-USB3
Logical Drives Mask: 0x0000105d
Kernel Drivers (total 203):
\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)
\\.\M: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive2 Model Number: G.SKILLFALCON64GBSSD, Rev: 1370
PhysicalDrive1 Model Number: SAMSUNGHD322HJ, Rev: 1AC01113
PhysicalDrive3 Model Number: WDCWD6400AAKS-00A7B2, Rev: 01.03B01
PhysicalDrive0 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113
Size Device Name MBR Status
--------------------------------------------
59 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
298 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
596 GB \\.\PhysicalDrive3 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
Last edited by PinguinofG (10.12.2010 at 22:51) |
10.12.2010, 23:03 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC infected? Quote:
10.12.2010, 23:04 | #14 |
| Is my PC infected? I've tried it 5 times now; when I click the button nothing happens, I'm sorry |
10.12.2010, 23:05 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC infected? Not even after a Windows restart?