Logfileanalyse für Suche nach "BKA-Trojaner"

fubahr · 18.04.2011, 15:57

Hallo Experten,

ich schließe mich dem allgemeinen Trend an, und habe mir den BKA-Trojaner eingefangen^^

Im Gegensatz zu den Beiträgen die ich hier im Forum schon gelesen habe, ist bei meiner Windows 7-Installation nur ein Nicht-Admin-Benutzer (Im Log-File unter als "user_non_admin" bezeichnet) betroffen. Wenn ich diesen anmelde, kommt gleich der bekannte Screen mit der 100€-Erpressung.

Wenn ich jedoch einen zweiten Nutzer anmelde (Administratorrechte, im Log-File als "user_admin" bezeichnet), kann ich normal arbeiten. Ich habe OTL unter diesem User laufen lassen (Einstellungen wie hier beschrieben: http://www.trojaner-board.de/85104-o...-oldtimer.html).

Zwar habe ich mir einige Beträge mit den gleichen Problemen durchgelesen, doch konnte ich bei mir den Trojaner nicht selbst finden (er lag sonst i. d. R. in dem temporären Dateien der betroffenen User). Deshalb meine Bitte um Hilfe bei der Analyse.

Danke und Gruß,
fubahr.

Hier das Logfile "otl.txt"
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.04.2011 15:23:11 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\user_admin\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,47 Gb Total Space | 0,45 Gb Free Space | 1,31% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 47,06 Gb Free Space | 80,32% Space Free | Partition Type: NTFS
 
Computer Name: MOBIL | User Name: user_admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user_admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\user_admin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\user_admin\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2793383824-1827461507-781344404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kabeldeutschland.de/portal
IE - HKU\S-1-5-21-2793383824-1827461507-781344404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.kabeldeutschland.de/portal"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.18 08:30:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.18 11:47:35 | 000,000,000 | ---D | M]
 
[2010.08.11 23:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user_admin\AppData\Roaming\mozilla\Extensions
[2011.04.18 14:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user_admin\AppData\Roaming\mozilla\Firefox\Profiles\gkicd4tk.default\extensions
[2010.12.17 10:33:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\user_admin\AppData\Roaming\mozilla\Firefox\Profiles\gkicd4tk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.09.05 21:07:20 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\user_admin\AppData\Roaming\mozilla\Firefox\Profiles\gkicd4tk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.12.17 10:33:23 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\user_admin\AppData\Roaming\mozilla\Firefox\Profiles\gkicd4tk.default\extensions\foxmarks@kei.com
[2011.04.18 12:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.24 11:26:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.18 12:47:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.08.24 11:26:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.18 12:47:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.04.18 08:30:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.18 08:30:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.18 08:30:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.18 08:30:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.18 08:30:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-2793383824-1827461507-781344404-1000..\Run: [SansaDispatch] C:\Users\user_admin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\user_non_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\user_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2793383824-1827461507-781344404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.18 12:53:23 | 000,000,000 | ---D | C] -- C:\Users\user_admin\AppData\Roaming\Malwarebytes
[2011.04.18 12:53:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.18 12:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.18 12:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.18 12:53:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.18 12:53:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.18 12:47:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.04.18 12:47:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.18 12:47:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.18 12:47:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.18 09:51:44 | 000,000,000 | ---D | C] -- C:\Users\user_admin\AppData\Roaming\Avira
[2011.04.15 18:10:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 18:10:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.15 18:10:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 18:10:36 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 18:10:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 18:10:27 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 18:10:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 18:10:27 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 18:10:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.15 18:10:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 18:10:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.15 18:10:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.15 18:10:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.15 18:10:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.15 18:10:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 18:10:26 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.15 18:09:59 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 18:09:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.15 18:09:54 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 18:09:54 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.04 20:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.04.04 20:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011.04.04 20:21:37 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2011.04.04 19:46:43 | 000,000,000 | ---D | C] -- C:\Users\user_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BRL-CAD
[2011.04.04 19:46:31 | 000,000,000 | ---D | C] -- C:\Programme\BRL-CAD
[2011.03.20 18:20:03 | 000,000,000 | ---D | C] -- C:\Users\user_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kabel Deutschland
[2011.03.20 18:19:58 | 000,000,000 | ---D | C] -- C:\Programme\Kabel_Deutschland
[2010.09.12 11:14:53 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Programme\putty.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.18 14:29:33 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 14:29:33 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 14:26:15 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.18 14:26:15 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.18 14:26:15 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.18 14:26:15 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.18 14:21:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.18 14:21:48 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.18 12:53:19 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.18 11:47:35 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.18 09:45:01 | 000,319,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.18 08:40:09 | 234,158,080 | ---- | M] () -- C:\Users\user_admin\Desktop\rescue_system-common-en.iso
[2011.04.04 20:21:57 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011.04.04 19:46:43 | 000,002,027 | ---- | M] () -- C:\Users\user_admin\Desktop\RtWizard.lnk
[2011.04.04 19:46:43 | 000,002,015 | ---- | M] () -- C:\Users\user_admin\Desktop\Archer.lnk
[2011.04.04 19:46:43 | 000,002,003 | ---- | M] () -- C:\Users\user_admin\Desktop\MGED.lnk
[2011.03.20 19:44:04 | 000,001,164 | ---- | M] () -- C:\Users\user_admin\AppData\Local\9A5FF4EA.il
[2011.03.20 19:44:04 | 000,000,280 | ---- | M] () -- C:\Users\user_admin\AppData\Local\IndexIE_9A5FF4EA.il
[2011.03.20 18:20:05 | 000,000,992 | ---- | M] () -- C:\Users\user_admin\Desktop\Mein Kabel Deutschland.lnk
[2011.03.20 18:20:02 | 000,001,020 | ---- | M] () -- C:\Users\user_admin\Desktop\Kabel Deutschland starten.lnk
 
========== Files Created - No Company Name ==========
 
[2011.04.18 12:53:19 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.18 08:37:41 | 234,158,080 | ---- | C] () -- C:\Users\user_admin\Desktop\rescue_system-common-en.iso
[2011.04.04 20:21:57 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011.04.04 19:46:43 | 000,002,027 | ---- | C] () -- C:\Users\user_admin\Desktop\RtWizard.lnk
[2011.04.04 19:46:43 | 000,002,015 | ---- | C] () -- C:\Users\user_admin\Desktop\Archer.lnk
[2011.04.04 19:46:43 | 000,002,003 | ---- | C] () -- C:\Users\user_admin\Desktop\MGED.lnk
[2011.03.20 18:20:05 | 000,000,992 | ---- | C] () -- C:\Users\user_admin\Desktop\Mein Kabel Deutschland.lnk
[2011.03.20 18:20:02 | 000,001,020 | ---- | C] () -- C:\Users\user_admin\Desktop\Kabel Deutschland starten.lnk
[2011.03.20 18:18:37 | 000,001,164 | ---- | C] () -- C:\Users\user_admin\AppData\Local\9A5FF4EA.il
[2011.03.20 18:18:37 | 000,000,280 | ---- | C] () -- C:\Users\user_admin\AppData\Local\IndexIE_9A5FF4EA.il
[2010.11.27 10:14:57 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2010.11.27 10:14:56 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.27 10:14:56 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.11.22 21:55:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.24 19:54:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.08.24 19:49:09 | 000,303,104 | ---- | C] () -- C:\Windows\emunist.exe
[2010.08.24 19:49:09 | 000,001,336 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2010.08.23 19:55:44 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.08.12 07:16:18 | 000,003,584 | ---- | C] () -- C:\Users\user_admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.14 10:47:43 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,319,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.12.15 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\Buhl Data Service GmbH
[2010.08.23 19:55:57 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\Canneverbe Limited
[2010.11.22 10:15:37 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\DeepBurner
[2010.10.30 19:38:16 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\DVDVideoSoft
[2010.08.24 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\MAGIX
[2010.09.12 03:41:42 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\Notepad++
[2010.09.12 04:58:03 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\OpenOffice.org
[2010.10.26 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\SanDisk
[2010.11.03 00:05:04 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\TrueCrypt
[2010.09.24 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.08.15 10:35:07 | 000,000,000 | ---D | M] -- C:\Users\user_non_admin\AppData\Roaming\ZyXEL
[2010.08.23 21:26:45 | 000,000,000 | ---D | M] -- C:\Users\user_admin\AppData\Roaming\Buhl Data Service
[2010.12.29 19:26:19 | 000,000,000 | ---D | M] -- C:\Users\user_admin\AppData\Roaming\Buhl Data Service GmbH
[2010.08.23 21:40:38 | 000,000,000 | ---D | M] -- C:\Users\user_admin\AppData\Roaming\Canneverbe Limited
[2010.08.23 21:26:38 | 000,000,000 | ---D | M] -- C:\Users\user_admin\AppData\Roaming\LetsTrade
[2010.08.24 20:12:15 | 000,000,000 | ---D | M] -- C:\Users\user_admin\AppData\Roaming\MAGIX
[2010.08.24 19:48:46 | 000,000,000 | ---D | M] -- C:\Users\user_admin\AppData\Roaming\MAGIX USB-Videowandler 2
[2010.09.12 03:41:45 | 000,000,000 | ---D | M] -- C:\Users\user_admin\AppData\Roaming\Notepad++
[2010.09.14 19:10:51 | 000,000,000 | ---D | M] -- C:\Users\user_admin\AppData\Roaming\OpenOffice.org
[2010.10.26 21:11:38 | 000,000,000 | ---D | M] -- C:\Users\user_admin\AppData\Roaming\SanDisk
[2009.07.14 06:53:46 | 000,013,480 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

cosinus · 18.04.2011, 16:15

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

fubahr · 18.04.2011, 16:26

Das Log von Malwarebytes brachte keine Ergebnisse

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6388

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

18.04.2011 14:20:49
mbam-log-2011-04-18 (14-20-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 292705
Laufzeit: 27 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Vorher habe ich jedoch einen "erfolgreichen" Scan mit Avira Rescue System durchgeführt:

Zitat:

Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set: 8.2.4.208
VDF Version: 7.11.6.148
Scan start time: Mon Apr 18 10:51:50 2011
configuration file: /etc/avira/scancl.conf
WARNING: [Unexpected end of file] /media/Devices/sda2/Users/user_non_admin/AppData/Local/Temp/jar_cache5111443126099775651.tmp

ALERT: [JAVA/OpenConnect.CF] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/14/1edd778e-397faa99 --> bpac/a.class <<< Contains signature of the Java virus JAVA/OpenConnect.CF

ALERT: [Java/Agent.BH] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/14/5029cd0e-31d5cf38 --> dev/s/AdgredY.class <<< Contains signature of the Java virus JAVA/Agent.BH

ALERT: [Java/Agent.GS] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/14/5029cd0e-31d5cf38 --> dev/s/DyesyasZ.class <<< Contains signature of the Java virus JAVA/Agent.GS

ALERT: [JAVA/ClassLoader.BO] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/14/5029cd0e-31d5cf38 --> dev/s/LoaderX.class <<< Contains signature of the Java virus JAVA/ClassLoader.BO

ALERT: [Java/Exdoer.AD] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/20/185c7294-7635e75a --> music/aimp.class <<< Contains signature of the Java virus JAVA/Exdoer.AD

ALERT: [Java/Exdoer.AE] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/20/185c7294-7635e75a --> music/guff.class <<< Contains signature of the Java virus JAVA/Exdoer.AE

ALERT: [Java/Exdoer.AB] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/20/185c7294-7635e75a --> music/winamp.class <<< Contains signature of the Java virus JAVA/Exdoer.AB

ALERT: [Java/Exdoer.AC] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/20/185c7294-7635e75a --> tracklist/list.class <<< Contains signature of the Java virus JAVA/Exdoer.AC

ALERT: [Java/Agent.HO] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/23/1e4bb617-3b548877 --> a2ea.class <<< Contains signature of the Java virus JAVA/Agent.HO

ALERT: [EXP/CVE-2008-5353.TV] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/23/1e4bb617-3b548877 --> a3c1.class <<< Contains signature of the exploits EXP/CVE-2008-5353.TV

ALERT: [EXP/CVE-2008-5353.UJ] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/23/1e4bb617-3b548877 --> ab66.class <<< Contains signature of the exploits EXP/CVE-2008-5353.UJ

ALERT: [Java/Agent.HR] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/23/1e4bb617-3b548877 --> ac60.class <<< Contains signature of the Java virus JAVA/Agent.HR

ALERT: [EXP/CVE-2008-5353.TZ] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/23/1e4bb617-3b548877 --> WhatTheJava.class <<< Contains signature of the exploits EXP/CVE-2008-5353.TZ

ALERT: [JAVA/OpenConnect.CF] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/1df5f5a-3577f43e --> bpac/a.class <<< Contains signature of the Java virus JAVA/OpenConnect.CF

ALERT: [Java/Exdoer.AF] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/57f9ce1a-35ef16fb --> durdom/huiak.class <<< Contains signature of the Java virus JAVA/Exdoer.AF

ALERT: [JAVA/OpenStream.L] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/57f9ce1a-35ef16fb --> durdom/Stremer.class <<< Contains signature of the Java virus JAVA/OpenStream.L

ALERT: [Java/Agent.BH] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/182df022-1d287d89 --> dev/s/AdgredY.class <<< Contains signature of the Java virus JAVA/Agent.BH

ALERT: [Java/Agent.M.2] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/182df022-1d287d89 --> dev/s/DyesyasZ.class <<< Contains signature of the Java virus JAVA/Agent.M.2

ALERT: [Java/Agent.M.1] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/182df022-1d287d89 --> dev/s/LoaderX.class <<< Contains signature of the Java virus JAVA/Agent.M.1

ALERT: [Java/Exdoer.O] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/1b47fc6b-35e83de5 --> check/circle.class <<< Contains signature of the Java virus JAVA/Exdoer.O

ALERT: [JAVA/OpenConnect.CF] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/353d6bf3-462d0407 --> bpac/a.class <<< Contains signature of the Java virus JAVA/OpenConnect.CF

ALERT: [Java/Exdoer.BB.2] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/c72e3fa-2f5b0ede --> olig/aret.class <<< Contains signature of the Java virus JAVA/Exdoer.BB.2

ALERT: [Java/Exdoer.BE.2] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/c72e3fa-2f5b0ede --> manty/rova.class <<< Contains signature of the Java virus JAVA/Exdoer.BE.2

ALERT: [Java/Agent.JH] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/7/3b73d207-4751445f --> plugin/adobe.class <<< Contains signature of the Java virus JAVA/Agent.JH

ALERT: [Java/Exdoer.AB] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/7/3b73d207-4751445f --> plugin/ping.class <<< Contains signature of the Java virus JAVA/Exdoer.AB

ALERT: [Java/Agent.JG] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/7/3b73d207-4751445f --> plugin/sportGame.class <<< Contains signature of the Java virus JAVA/Agent.JG

ALERT: [JAVA/Decouvert.AS] /media/Devices/sda2/Users/user_non_admin/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/7be78a09-2d394d8e <<< Contains signature of the Java virus JAVA/Decouvert.AS

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_non_admin/Documents/WISO Mein Geld/Backup/MeinGeld~1.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_non_admin/Documents/WISO Mein Geld/MeinGeld.backup.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_non_admin/Documents/WISO Mein Geld/MeinGeld.mgz

WARNING: [Bad compressed data] /media/Devices/sda2/Users/user_non_admin/Downloads/cdex_151.exe

WARNING: [Bad archive header] /media/Devices/sda2/Users/user_admin/AppData/LocalLow/Sun/Java/jdk1.6.0_20/st160200.cab

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~12.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld_20081229.mgb

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~1.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~10.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~11.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~13.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~14.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~15.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~16.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~18.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~19.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~2.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~3.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~4.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~5.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~6.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~7.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~8.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/Backup/MeinGeld~9.mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/MeinGeld.backup(2).mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/MeinGeld.backup(3).mgz

WARNING: [File is encrypted] /media/Devices/sda2/Users/user_admin/Documents/WISO Mein Geld/MeinGeld.backup.mgz

WARNING: [Unsupported archive version] /media/Devices/sda2/Program Files/CDex_150/uninstall.exe

WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Program Files/Kroll Ontrack/Ontrack EasyRecovery Professional Trial/fil.dat

WARNING: [Unsupported archive version] /media/Devices/sda3/$RECYCLE.BIN/S-1-5-21-2793383824-1827461507-781344404-1003/$RAUEMJC/Pencil-1.1.1.win32.installer.exe --> ProgramFilesDir/pencil.exe

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_non_admin/WISO Mein Geld/Backup/MeinGeld~1.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_non_admin/WISO Mein Geld/Backup/MeinGeld~2.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_non_admin/WISO Mein Geld/Backup/MeinGeld~3.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_non_admin/WISO Mein Geld/Backup/MeinGeld~4.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_non_admin/WISO Mein Geld/Backup/MeinGeld~5.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_non_admin/WISO Mein Geld/MeinGeld.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~13.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld_20081229.mgb

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~1.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~10.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~11.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~12.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~14.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~15.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~16.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~17.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~18.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~19.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~2.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~20.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~3.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~4.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~5.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~6.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~7.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/Backup/MeinGeld~9.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/MeinGeld.backup.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/Seb/WISO Mein Geld/MeinGeld.mgz

WARNING: [Unexpected end of file] /media/Devices/sda3/backup/Seb/workspace/ProfileProject/DefaultMonitor_name-94dc3e6784_6108_org.eclipse.tptp.jvmti_Samstag,23.Februar20081130UhrMEZ.trcaxmi

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_admin/WISO Mein Geld/Backup/MeinGeld~1.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_admin/WISO Mein Geld/Backup/MeinGeld~2.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_admin/WISO Mein Geld/Backup/MeinGeld~3.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_admin/WISO Mein Geld/Backup/MeinGeld~4.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_admin/WISO Mein Geld/Backup/MeinGeld~5.mgz

WARNING: [File is encrypted] /media/Devices/sda3/backup/user_admin/WISO Mein Geld/MeinGeld.mgz

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.19/f47877208.asf

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.27/f49054096.tar.gz --> /media/Devices/sda3/recovery/recup_dir.27/f49054096.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.27/f49054560.tar.gz --> /media/Devices/sda3/recovery/recup_dir.27/f49054560.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.27/f49055040.tar.gz --> /media/Devices/sda3/recovery/recup_dir.27/f49055040.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.27/f49162056.rpm --> avr-binutils-2.13.90.030512-1.src.cpio.gz --> /tmp/AV-tmp

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49211172.rpm --> avr-libc-20030512cvs-1.src.cpio.gz --> /tmp/AV-tmp

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49176408.rpm --> avr-gcc-3.2.90.20030512-1.src.cpio.gz --> AV0008da1a

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49199616.rpm --> avr-gcc-3.2.90.20030512-1.src.cpio.gz --> AV0008da2d

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49214100.rpm --> avr-libc-20030512cvs-1.src.cpio.gz --> /tmp/AV-tmp

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49220788.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49220804.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49221813.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49222591.tar

ALERT: [TR/Crypt.XPACK.Gen] /media/Devices/sda3/recovery/recup_dir.28/f49223292.exe <<< Is the Trojan horse TR/Crypt.XPACK.Gen

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49226555.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49226560.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49240069.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.28/f49245822.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.29/f50461747.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.29/f50484014.tar

WARNING: [Bad archive header] /media/Devices/sda3/recovery/recup_dir.29/f50529340.cab

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.29/f50549271.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.29/f50551204.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.29/f50575190.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50597536.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50598582.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50600311.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50600369.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50604317.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50618624.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50618640.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50619649.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50619707.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50624495.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50637989.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50643762.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50678370.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50682215.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50704834.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50777171.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50779728.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50810122.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50840796.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50849141.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.30/f50837190.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.31/f50892629.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.31/f50897434.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.31/f50925109.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.31/f51006446.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.31/f51008859.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.32/f51038973.tar

WARNING: [Unexpected end of block read] /media/Devices/sda3/recovery/recup_dir.32/f51067719.tar

ALERT: [TR/Crypt.XPACK.Gen] /media/Devices/sda3/recovery/recup_dir.33/f51274604.exe <<< Is the Trojan horse TR/Crypt.XPACK.Gen

WARNING: [Bad compressed data] /media/Devices/sda3/recovery/recup_dir.33/f51287668.cab

WARNING: [Bad archive header] /media/Devices/sda3/recovery/recup_dir.33/f51329576.cab

WARNING: [Bad compressed data] /media/Devices/sda3/recovery/recup_dir.33/f51334488.cab

WARNING: [Bad compressed data] /media/Devices/sda3/recovery/recup_dir.33/f51345320.cab

WARNING: [Bad compressed data] /media/Devices/sda3/recovery/recup_dir.33/f51350088.cab

WARNING: [Bad archive header] /media/Devices/sda3/recovery/recup_dir.33/f51360832.exe

WARNING: [Bad archive header] /media/Devices/sda3/recovery/recup_dir.33/f51368208.cab

WARNING: [Bad archive header] /media/Devices/sda3/recovery/recup_dir.33/f51369372.cab

WARNING: [Bad archive header] /media/Devices/sda3/recovery/recup_dir.33/f51370572.cab

WARNING: [Bad archive header] /media/Devices/sda3/recovery/recup_dir.33/f51374052.cab

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.33/f51376584.cab

WARNING: [Archive not completly scanned. Reason: can't extract rest of archive] /media/Devices/sda3/recovery/recup_dir.33/f51376584.cab

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.33/f51404456.cab

WARNING: [Archive not completly scanned. Reason: can't extract rest of archive] /media/Devices/sda3/recovery/recup_dir.33/f51404456.cab

WARNING: [Bad compressed data] /media/Devices/sda3/recovery/recup_dir.33/f51354852.cab

WARNING: [Bad compressed data] /media/Devices/sda3/recovery/recup_dir.33/f51449548.cab

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.33/f51482068.cab

WARNING: [Archive not completly scanned. Reason: can't extract rest of archive] /media/Devices/sda3/recovery/recup_dir.33/f51482068.cab

WARNING: [Bad compressed data] /media/Devices/sda3/recovery/recup_dir.34/f51536792.cab

WARNING: [Bad compressed data] /media/Devices/sda3/recovery/recup_dir.35/f51624992.cab

WARNING: [Error writing file] /media/Devices/sda3/recovery/recup_dir.35/f51636000.cab

WARNING: [Bad decompression table] /media/Devices/sda3/recovery/recup_dir.4/f10785368.chm

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

WARNING: [A malformed archive header was detected] /media/Devices/sda3/recovery/recup_dir.8/f25467472.class

Statistics :
Directories............... : 29331
Archives.................. : 4141
Files..................... : 703429
Infected.............. : 29
Ignored........... : 29
Warnings.............. : 189
Suspicious............ : 0
Infections................ : 29

Ich habe Avira zweimal laufen lassen; einmal nur zum Scan, und einmal mit der Option, "wenn ich reparierbar, löschen". Das das Log-File oben jedoch nicht zum "Löschen"-Lauf passt "Ignored ... 29", werde ich jetzt Avira noch einmal durchlaufen lassen. ... nur um sicherzugehen, dass ich mit dem ganzen Aktionen, die ich heute schon gemacht habe, nichts verwechselt habe.

cosinus · 18.04.2011, 16:31

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

fubahr · 18.04.2011, 17:43

Auffällig ist hier nur die Datei "sptd.sys", die lt. file.net zu den Daemon Tools oder Alcohol gehört. Ich habe keines der beiden Tools installiert.

[EDIT] unhide habe ich noch nicht ausgeführt; ich kann auf alle "eigenen Dateien" zugreifen [/EDIT]

Hier das Log vom TDSSKiller:

Zitat:

2011/04/18 19:31:47.0182 1064 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 19:31:47.0510 1064 ================================================================================
2011/04/18 19:31:47.0510 1064 SystemInfo:
2011/04/18 19:31:47.0510 1064
2011/04/18 19:31:47.0510 1064 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/18 19:31:47.0510 1064 Product type: Workstation
2011/04/18 19:31:47.0510 1064 ComputerName: MOBIL
2011/04/18 19:31:47.0510 1064 UserName: user_admin
2011/04/18 19:31:47.0510 1064 Windows directory: C:\Windows
2011/04/18 19:31:47.0510 1064 System windows directory: C:\Windows
2011/04/18 19:31:47.0510 1064 Processor architecture: Intel x86
2011/04/18 19:31:47.0510 1064 Number of processors: 2
2011/04/18 19:31:47.0510 1064 Page size: 0x1000
2011/04/18 19:31:47.0510 1064 Boot type: Normal boot
2011/04/18 19:31:47.0510 1064 ================================================================================
2011/04/18 19:31:48.0151 1064 Initialize success
2011/04/18 19:31:53.0057 3332 ================================================================================
2011/04/18 19:31:53.0057 3332 Scan started
2011/04/18 19:31:53.0057 3332 Mode: Manual;
2011/04/18 19:31:53.0057 3332 ================================================================================
2011/04/18 19:31:55.0526 3332 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/18 19:31:55.0573 3332 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/18 19:31:55.0620 3332 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/18 19:31:55.0682 3332 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/18 19:31:55.0745 3332 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/18 19:31:55.0901 3332 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/18 19:31:55.0963 3332 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/18 19:31:56.0010 3332 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/18 19:31:56.0057 3332 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/18 19:31:56.0104 3332 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/18 19:31:56.0151 3332 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/18 19:31:56.0291 3332 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/18 19:31:56.0338 3332 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/18 19:31:56.0370 3332 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/18 19:31:56.0432 3332 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/18 19:31:56.0479 3332 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/18 19:31:56.0510 3332 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/18 19:31:56.0682 3332 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/18 19:31:56.0791 3332 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/18 19:31:56.0838 3332 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/18 19:31:56.0885 3332 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/18 19:31:56.0916 3332 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/18 19:31:57.0104 3332 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/18 19:31:57.0338 3332 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/18 19:31:57.0463 3332 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/18 19:31:57.0604 3332 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/18 19:31:57.0682 3332 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/18 19:31:57.0745 3332 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/18 19:31:57.0823 3332 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/18 19:31:57.0885 3332 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/18 19:31:58.0010 3332 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/18 19:31:58.0088 3332 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/18 19:31:58.0135 3332 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/18 19:31:58.0182 3332 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/18 19:31:58.0198 3332 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/18 19:31:58.0245 3332 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/18 19:31:58.0323 3332 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/18 19:31:58.0495 3332 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/18 19:31:58.0573 3332 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/18 19:31:58.0666 3332 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/18 19:31:58.0823 3332 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/18 19:31:58.0870 3332 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/18 19:31:58.0916 3332 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/18 19:31:58.0963 3332 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/18 19:31:59.0010 3332 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/18 19:31:59.0073 3332 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/18 19:31:59.0182 3332 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/18 19:31:59.0448 3332 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/18 19:31:59.0510 3332 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/18 19:31:59.0588 3332 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/18 19:31:59.0901 3332 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/18 19:32:00.0323 3332 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/18 19:32:01.0338 3332 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/18 19:32:01.0901 3332 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/18 19:32:02.0182 3332 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/18 19:32:02.0260 3332 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/18 19:32:02.0323 3332 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/18 19:32:02.0432 3332 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/18 19:32:02.0682 3332 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/18 19:32:02.0885 3332 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/18 19:32:03.0166 3332 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/18 19:32:03.0291 3332 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/18 19:32:03.0479 3332 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/18 19:32:03.0541 3332 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/18 19:32:03.0635 3332 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/18 19:32:03.0791 3332 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/18 19:32:03.0885 3332 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/18 19:32:03.0932 3332 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/18 19:32:03.0979 3332 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/18 19:32:04.0041 3332 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/18 19:32:04.0182 3332 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/18 19:32:04.0307 3332 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/18 19:32:04.0370 3332 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/18 19:32:04.0448 3332 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/18 19:32:04.0510 3332 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/18 19:32:04.0588 3332 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/18 19:32:04.0760 3332 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/18 19:32:04.0823 3332 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/18 19:32:04.0916 3332 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/18 19:32:06.0370 3332 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/18 19:32:06.0745 3332 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/18 19:32:06.0823 3332 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/18 19:32:06.0885 3332 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/18 19:32:06.0932 3332 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/18 19:32:06.0979 3332 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/18 19:32:07.0026 3332 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/18 19:32:07.0260 3332 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/18 19:32:07.0323 3332 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/18 19:32:07.0370 3332 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/18 19:32:07.0432 3332 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/18 19:32:07.0854 3332 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/18 19:32:08.0307 3332 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/18 19:32:08.0901 3332 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/18 19:32:09.0182 3332 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/18 19:32:09.0291 3332 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/18 19:32:09.0323 3332 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/18 19:32:09.0370 3332 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/18 19:32:09.0401 3332 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/18 19:32:09.0448 3332 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/18 19:32:09.0479 3332 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/18 19:32:09.0776 3332 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/18 19:32:09.0838 3332 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/18 19:32:09.0885 3332 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/18 19:32:09.0932 3332 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/18 19:32:10.0088 3332 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/18 19:32:10.0151 3332 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/18 19:32:10.0198 3332 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/18 19:32:10.0245 3332 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/18 19:32:10.0291 3332 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/18 19:32:10.0338 3332 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/18 19:32:10.0651 3332 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/18 19:32:10.0713 3332 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/18 19:32:10.0760 3332 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/18 19:32:10.0791 3332 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/18 19:32:11.0057 3332 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/18 19:32:11.0135 3332 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/18 19:32:11.0166 3332 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/18 19:32:11.0229 3332 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/18 19:32:11.0338 3332 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/18 19:32:11.0370 3332 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/18 19:32:11.0432 3332 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/18 19:32:11.0573 3332 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/18 19:32:11.0651 3332 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/18 19:32:11.0713 3332 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/18 19:32:12.0073 3332 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/18 19:32:12.0245 3332 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/18 19:32:12.0338 3332 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/18 19:32:12.0416 3332 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/18 19:32:12.0479 3332 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/18 19:32:12.0510 3332 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/18 19:32:12.0541 3332 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/18 19:32:12.0573 3332 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/18 19:32:13.0010 3332 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/18 19:32:13.0541 3332 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/18 19:32:15.0073 3332 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/04/18 19:32:15.0479 3332 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/18 19:32:15.0573 3332 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/18 19:32:15.0604 3332 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/18 19:32:15.0713 3332 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/18 19:32:15.0963 3332 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/18 19:32:16.0041 3332 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/18 19:32:16.0120 3332 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/18 19:32:16.0463 3332 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/18 19:32:16.0916 3332 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/18 19:32:17.0135 3332 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/18 19:32:17.0213 3332 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/18 19:32:17.0338 3332 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/18 19:32:17.0432 3332 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/18 19:32:17.0698 3332 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/18 19:32:18.0026 3332 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/18 19:32:18.0338 3332 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/18 19:32:18.0432 3332 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/18 19:32:18.0932 3332 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/18 19:32:19.0198 3332 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/18 19:32:19.0276 3332 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/18 19:32:19.0385 3332 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/18 19:32:19.0620 3332 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/18 19:32:19.0666 3332 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/18 19:32:19.0713 3332 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/18 19:32:19.0776 3332 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/18 19:32:19.0823 3332 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/18 19:32:20.0166 3332 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/18 19:32:20.0479 3332 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/18 19:32:20.0526 3332 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/18 19:32:20.0916 3332 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/18 19:32:21.0026 3332 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/18 19:32:21.0229 3332 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/18 19:32:21.0276 3332 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/18 19:32:21.0573 3332 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/18 19:32:21.0651 3332 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/18 19:32:21.0760 3332 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/18 19:32:22.0010 3332 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/18 19:32:22.0354 3332 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/18 19:32:22.0479 3332 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/18 19:32:22.0510 3332 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/18 19:32:22.0573 3332 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/18 19:32:22.0635 3332 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/18 19:32:22.0698 3332 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/18 19:32:22.0745 3332 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/18 19:32:22.0838 3332 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/04/18 19:32:22.0901 3332 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/18 19:32:23.0026 3332 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/18 19:32:23.0073 3332 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/18 19:32:23.0135 3332 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/18 19:32:23.0182 3332 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/18 19:32:23.0245 3332 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/18 19:32:23.0276 3332 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/18 19:32:23.0338 3332 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/18 19:32:23.0463 3332 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/18 19:32:23.0651 3332 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/18 19:32:23.0651 3332 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/18 19:32:23.0666 3332 sptd - detected Locked file (1)
2011/04/18 19:32:23.0791 3332 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/04/18 19:32:24.0166 3332 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/18 19:32:24.0354 3332 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/18 19:32:24.0713 3332 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/04/18 19:32:25.0088 3332 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/04/18 19:32:25.0354 3332 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/18 19:32:25.0463 3332 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/18 19:32:25.0932 3332 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/04/18 19:32:26.0198 3332 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/18 19:32:26.0276 3332 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/18 19:32:26.0338 3332 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/18 19:32:26.0385 3332 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/18 19:32:26.0995 3332 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/18 19:32:27.0338 3332 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/18 19:32:27.0620 3332 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/18 19:32:27.0666 3332 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/18 19:32:27.0698 3332 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/18 19:32:27.0729 3332 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/18 19:32:28.0135 3332 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/18 19:32:28.0307 3332 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys
2011/04/18 19:32:28.0463 3332 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 19:32:28.0541 3332 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/18 19:32:28.0620 3332 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/18 19:32:28.0682 3332 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/18 19:32:28.0807 3332 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/18 19:32:28.0885 3332 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/18 19:32:28.0932 3332 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/18 19:32:29.0135 3332 USB28xxBGA (b6c763b7c482933d336246fdb5f0810c) C:\Windows\system32\DRIVERS\emBDA.sys
2011/04/18 19:32:29.0245 3332 USB28xxOEM (a4a9300971fb444b1872a681b74f2aa6) C:\Windows\system32\DRIVERS\emOEM.sys
2011/04/18 19:32:29.0323 3332 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/04/18 19:32:29.0526 3332 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/18 19:32:29.0604 3332 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/18 19:32:29.0682 3332 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/18 19:32:29.0776 3332 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/18 19:32:29.0823 3332 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/18 19:32:29.0870 3332 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/18 19:32:29.0932 3332 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/18 19:32:29.0979 3332 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 19:32:30.0026 3332 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/18 19:32:30.0151 3332 VBoxDrv (3e4b3de332634151d10bca5c0f3dd226) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/04/18 19:32:30.0198 3332 VBoxNetAdp (02cf071ee8cad9667ec0736c57360b70) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/04/18 19:32:30.0245 3332 VBoxNetFlt (9200e34447dd628c0080f41b15378e83) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/04/18 19:32:30.0276 3332 VBoxUSBMon (be71306e451c5f9de9a64b32038314ee) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/04/18 19:32:30.0323 3332 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/18 19:32:30.0370 3332 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/18 19:32:30.0416 3332 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/18 19:32:30.0495 3332 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/18 19:32:30.0588 3332 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/18 19:32:30.0651 3332 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/18 19:32:30.0682 3332 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/18 19:32:30.0760 3332 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/18 19:32:30.0823 3332 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/18 19:32:30.0901 3332 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/18 19:32:30.0995 3332 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/18 19:32:31.0057 3332 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/18 19:32:31.0135 3332 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/18 19:32:31.0182 3332 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/18 19:32:31.0245 3332 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/18 19:32:31.0307 3332 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 19:32:31.0323 3332 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 19:32:31.0385 3332 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/18 19:32:31.0432 3332 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/18 19:32:31.0604 3332 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/18 19:32:31.0682 3332 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/18 19:32:31.0807 3332 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/18 19:32:31.0885 3332 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/18 19:32:32.0088 3332 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/18 19:32:32.0370 3332 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/18 19:32:32.0713 3332 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 19:32:33.0135 3332 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/04/18 19:32:33.0213 3332 ================================================================================
2011/04/18 19:32:33.0213 3332 Scan finished
2011/04/18 19:32:33.0213 3332 ================================================================================
2011/04/18 19:32:33.0229 0384 Detected object count: 1
2011/04/18 19:32:44.0666 0384 Locked file(sptd) - User select action: Skip

Danke und Gruß,
fubahr

cosinus · 18.04.2011, 18:11

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

fubahr · 18.04.2011, 18:47

Wie angeraten habe ich den CClener drüber laufen lassen und anschließend ComboFix.

Hier das Log vom ComboFix:
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-04-17.03 - user_admin 18.04.2011  20:33:11.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2038.1214 [GMT 2:00]
ausgeführt von:: c:\users\user_admin\Downloads\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-18 bis 2011-04-18  ))))))))))))))))))))))))))))))
.
.
2011-04-18 18:27 . 2011-04-18 18:27	--------	d-----w-	c:\program files\CCleaner
2011-04-18 14:13 . 2011-04-18 14:13	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2011-04-18 14:12 . 2011-04-18 14:12	--------	d-----w-	c:\program files\LSoft Technologies
2011-04-18 10:53 . 2011-04-18 10:53	--------	d-----w-	c:\users\user_admin\AppData\Roaming\Malwarebytes
2011-04-18 10:53 . 2011-04-18 10:53	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-18 10:53 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 10:53 . 2011-04-18 10:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-18 10:53 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-18 10:47 . 2011-04-18 10:47	--------	d-----w-	c:\program files\Common Files\Java
2011-04-18 07:51 . 2011-04-18 07:51	--------	d-----w-	c:\users\user_admin\AppData\Roaming\Avira
2011-04-15 16:09 . 2011-03-03 03:31	2331136	----a-w-	c:\windows\system32\win32k.sys
2011-04-15 16:09 . 2011-02-12 05:30	191488	----a-w-	c:\windows\system32\FXSCOVER.exe
2011-04-15 16:09 . 2011-03-08 05:38	740864	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-15 16:09 . 2011-03-11 05:40	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-15 16:09 . 2011-03-11 05:40	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-04-15 16:09 . 2011-02-23 05:05	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 16:09 . 2011-02-23 05:05	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 16:09 . 2011-02-23 05:05	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 16:09 . 2011-02-23 05:05	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-15 16:06 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4286D501-20AD-4835-AF27-7D5112BE3002}\mpengine.dll
2011-04-04 18:21 . 2011-04-04 18:21	--------	d-----w-	c:\program files\Google
2011-04-04 17:46 . 2011-04-04 17:46	--------	d-----w-	c:\program files\BRL-CAD
2011-03-20 16:19 . 2011-03-20 16:20	--------	d-----w-	c:\program files\Kabel_Deutschland
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 17:20 . 2010-08-11 20:59	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-02 19:40 . 2010-08-24 09:26	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2010-08-11 21:11	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-09-12 09:15 . 2010-09-12 09:14	454656	----a-w-	c:\program files\putty.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\user_admin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-10-26 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\user_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\user_non_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53	141608	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-18 691696]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-05 111312]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.kabeldeutschland.de/portal
TCP: {A257E54C-09FC-41B7-81E5-579C45360CA9} = 192.168.201.250
FF - ProfilePath - c:\users\user_admin\AppData\Roaming\Mozilla\Firefox\Profiles\gkicd4tk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kabeldeutschland.de/portal
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-18  20:41:13
ComboFix-quarantined-files.txt  2011-04-18 18:41
.
Vor Suchlauf: 900.812.800 Bytes frei
Nach Suchlauf: 5.167.185.920 Bytes frei
.
- - End Of File - - 5C6A9D73B30BCCEB982621E0FA6C8759

--- --- ---

cosinus · 18.04.2011, 18:49

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

fubahr · 18.04.2011, 19:20

Ich habe zunächst nur GMER ausgeführt und danach, wie in der Anleitung zu lesen stand, neu gestartet. Eine Anmeldung meines "user_non_admin" zeigte, dass der BKA-Trojaner nicht mehr geladen wird - der Desktop des Users ist wieder benutzbar.

Ist das Problem damit gelöst oder sind noch weitere Untersuchungen nötig, um sicherzustellen, dass das System wieder "keimfrei" ist?

Hier das Log von GMER:
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-18 20:06:58
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 HTS541010G9SA00 rev.MBZOC60R
Running: p15k2rqe.exe; Driver: C:\Users\user_a~1\AppData\Local\Temp\pxldypod.sys

---- Kernel code sections - GMER 1.0.15 ----
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                          82A91589 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82AB6092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spaf.sys                                                                                Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                    92C75CA0 5 Bytes  JMP 85AEC1D8 
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                               Das System kann die angegebene Datei nicht finden. !
?               C:\Users\user_a~1\AppData\Local\Temp\catchme.sys                                                         Das System kann die angegebene Datei nicht finden. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                 [888AE042] \SystemRoot\System32\Drivers\spaf.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                [888AE6D6] \SystemRoot\System32\Drivers\spaf.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                         [888AE800] \SystemRoot\System32\Drivers\spaf.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                          [888AE13E] \SystemRoot\System32\Drivers\spaf.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT             C:\Windows\System32\rundll32.exe[2248] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75225E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2248] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75225E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75225E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75225E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device          \FileSystem\Ntfs \Ntfs                                                                                   84A691F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{A257E54C-09FC-41B7-81E5-579C45360CA9}                                 85A581F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                     84A651F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                         85B1B1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                         85B1B1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                         85B1B1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                         85B1B1F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                         85B23500
Device          \Driver\USBSTOR \Device\00000070                                                                         859891F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                   84A651F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000071                                                                         859891F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                   84A651F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                             859971F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                              84A671F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                       84A671F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                       84A671F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                              84A671F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                   84A651F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume4                                                                   84A651F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                  85A581F8
Device          \Driver\ACPI_HAL \Device\0000004e                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{E3AD0EAE-68A4-482C-AB84-13108F637BEF}                                 85A581F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                         85B1B1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                         85B1B1F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                         85B1B1F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                         85B1B1F8
Device          \Driver\usbehci \Device\USBFDO-4                                                                         85B23500
---- Registry - GMER 1.0.15 ----
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                       771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                       285507792
---- EOF - GMER 1.0.15 ----

--- --- ---

Danke und Gruß,
fubahr

cosinus · 18.04.2011, 19:35

Ja bitte poste auch die anderen Logs. Das gehört bei mir zur Standardauswertung.

fubahr · 18.04.2011, 19:50

Hier das Log vom osam:
OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:44:17 on 18.04.2011

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\SEBAST~1\AppData\Local\Temp\catchme.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\user_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SansaDispatch" - "SanDisk Corporation" - C:\Users\user_admin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"NMSAccess" (NMSAccess) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index
[/CODE]

Und hier das Ergebnis vom MBRCheck:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version:                Windows 7 Professional
Windows Information:             (build 7600), 32-bit
Logical Drives Mask:            0x0000003c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000008`a4400000  (NTFS)

      Size  Device Name          MBR Status
  --------------------------------------------
     93 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
Press ENTER to exit...

Ist jetzt schon die "Ursache" erkennbar oder haben wir die Quelle mehr oder weniger beiläufig mit einem der Programme entfernt?

cosinus · 18.04.2011, 20:35

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

fubahr · 19.04.2011, 06:37

Hier das Log von SuperAntiSpyware:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/19/2011 at 07:16 AM

Application Version : 4.50.1002

Core Rules Database Version : 6868
Trace Rules Database Version: 4680

Scan type       : Complete Scan
Total Scan Time : 00:29:19

Memory items scanned      : 622
Memory threats detected   : 0
Registry items scanned    : 8238
Registry threats detected : 0
File items scanned        : 25849
File threats detected     : 94

Adware.Tracking Cookie
	ia.media-imdb.com [ C:\Users\user_non_admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H28ZJVTH ]
	imagesrv.adition.com [ C:\Users\user_non_admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H28ZJVTH ]
	www.ardmediathek.de [ C:\Users\user_non_admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\H28ZJVTH ]
	de.sitestat.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	de.sitestat.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.doubleclick.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.adfarm1.adition.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	ad2.adfarm1.adition.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.media6degrees.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.media6degrees.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.media6degrees.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.specificclick.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.specificclick.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.fastclick.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.fastclick.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.fastclick.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.smartadserver.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.smartadserver.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.smartadserver.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.smartadserver.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.serving-sys.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.serving-sys.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.serving-sys.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	ad3.adfarm1.adition.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.bs.serving-sys.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.apmebf.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.mediaplex.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.tracking.quisma.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.tradedoubler.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.tradedoubler.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.tradedoubler.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	banner.testberichte.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	www.googleadservices.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.mediaplex.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.traffictrack.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	eas.apm.emediate.eu [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	eas.apm.emediate.eu [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	adfarm1.adition.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	ad1.adfarm1.adition.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	www.etracker.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.specificclick.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.specificclick.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.adviva.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.autoscout24.112.2o7.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.serving-sys.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.mediaplex.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.adtech.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	www.googleadservices.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.tracker.twenga.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	urbia.wwe-media.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	www.etracker.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.tracking.quisma.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.unitymedia.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.unitymedia.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.tracking.quisma.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	www.googleadservices.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	www.googleadservices.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	www.zanox-affiliate.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.traffictrack.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.zanox-affiliate.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.adfarm1.adition.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.adtech.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.adtech.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	www.etracker.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.nextag.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.nextag.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	partners.webmasterplan.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.conrad.122.2o7.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.adtech.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.im.banner.t-online.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	de.sitestat.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	de.sitestat.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	weihnachtsmarkt-finder.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	www.etracker.de [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.ikea.122.2o7.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.oms.122.2o7.net [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	eas4.emediate.eu [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	ad4.adfarm1.adition.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	eas4.emediate.eu [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]
	.tracking.quisma.com [ C:\Users\user_non_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dit21er5.default\cookies.sqlite ]

Und hier das aktuelle von Malewarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6392

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.04.2011 22:21:12
mbam-log-2011-04-18 (22-21-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 294670
Laufzeit: 41 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 19.04.2011, 19:30

Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

fubahr · 20.04.2011, 08:49

Nein, ich habe keine Probleme mehr mit dem Rechner.

Ich danke dir für deine Zeit und die Unterstützung! Das ist wirklich toll, mit welchem Engagement und Know-How ihr den Usern hier helft.

Danke und Gruß,
fubahr.

18.04.2011, 16:15	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Logfileanalyse für Suche nach "BKA-Trojaner" Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ __________________

18.04.2011, 19:35	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Logfileanalyse für Suche nach "BKA-Trojaner" Ja bitte poste auch die anderen Logs. Das gehört bei mir zur Standardauswertung. __________________ Logfiles bitte immer in CODE-Tags posten

18.04.2011, 20:35	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Logfileanalyse für Suche nach "BKA-Trojaner" Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

19.04.2011, 19:30	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Logfileanalyse für Suche nach "BKA-Trojaner" Sieht ok aus, da wurden nur Cookies gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit? __________________ Logfiles bitte immer in CODE-Tags posten

Logfileanalyse für Suche nach "BKA-Trojaner"

Log-Analyse und Auswertung: Logfileanalyse für Suche nach "BKA-Trojaner"