Trojaner eingefangen: Windows Recovery

Flodi · 26.04.2011, 19:50

Hallo Forumsgemeinde,

zuerst einmal ein großes Dankeschön, dass es euch gibt und ihr jedem so tatkräftig mit Rat zur Seite steht. SUPER

Nun zu meinem Problem (bei Windows Vista). Ich habe mir heute auch den Windows Recovery Trojaner eingefangen. Folgende Aktionen habe ich bereits durchgeführt:

1. rkill (3 mal angewendet)
2. Malwarebytes (Quick und vollständiger Suchlauf)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26.04.2011 16:09:38
mbam-log-2011-04-26 (16-09-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141458
Laufzeit: 4 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sFGtypQnwU (Trojan.FakeAlert) -> Value: sFGtypQnwU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Users\Florian\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\sfgtypqnwu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\33742600.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Florian\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Florian\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Florian\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26.04.2011 20:16:42
mbam-log-2011-04-26 (20-16-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 373155
Laufzeit: 3 Stunde(n), 53 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

3. OTL

siehe Anhang

4. Unhide (hat wunderbar geklappt, die Ordner sind wieder alle sichtbar)

Es macht den Anschein, dass wieder alles in Ordung ist. Wäre super, wenn ihr mir das bestätigen könntet.

Flodi · 26.04.2011, 19:54

ups...hier sind nun die OTL Logs

Viele Dank für eure Antwort.

cosinus · 02.05.2011, 12:42

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Flodi · 03.05.2011, 16:46

Hi, danke für die Hilfe.

Hier ist der OTL-Text:

cosinus · 04.05.2011, 09:01

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.04.26 15:47:51 | 000,000,144 | ---- | M] () -- C:\ProgramData\~33742600r
[2011.04.26 15:47:51 | 000,000,128 | ---- | M] () -- C:\ProgramData\~33742600
[2011.04.26 15:47:38 | 000,000,344 | ---- | M] () -- C:\ProgramData\33742600
[2011.04.26 14:56:25 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.26 14:56:25 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Flodi · 04.05.2011, 19:52

Hier ist das Log nach dem OTL-Fix

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\~33742600r moved successfully.
C:\ProgramData\~33742600 moved successfully.
C:\ProgramData\33742600 moved successfully.
C:\Windows\System32\icrav03.rat moved successfully.
C:\Windows\System32\ticrf.rat moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Florian
->Temp folder emptied: 32607514 bytes
->Temporary Internet Files folder emptied: 20299274 bytes
->Java cache emptied: 6389035 bytes
->FireFox cache emptied: 193006811 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2247 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15857843 bytes
RecycleBin emptied: 25121220 bytes

Total Files Cleaned = 280,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05042011_204809

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 05.05.2011, 09:06

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Flodi · 05.05.2011, 15:34

Ok, erledigt!

2011/05/05 16:32:35.0872 5636 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 16:32:36.0418 5636 ================================================================================
2011/05/05 16:32:36.0418 5636 SystemInfo:
2011/05/05 16:32:36.0418 5636
2011/05/05 16:32:36.0418 5636 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/05 16:32:36.0418 5636 Product type: Workstation
2011/05/05 16:32:36.0418 5636 ComputerName: FLORIAN-PC
2011/05/05 16:32:36.0418 5636 UserName: Florian
2011/05/05 16:32:36.0418 5636 Windows directory: C:\Windows
2011/05/05 16:32:36.0418 5636 System windows directory: C:\Windows
2011/05/05 16:32:36.0418 5636 Processor architecture: Intel x86
2011/05/05 16:32:36.0418 5636 Number of processors: 2
2011/05/05 16:32:36.0418 5636 Page size: 0x1000
2011/05/05 16:32:36.0418 5636 Boot type: Normal boot
2011/05/05 16:32:36.0418 5636 ================================================================================
2011/05/05 16:32:36.0683 5636 Initialize success
2011/05/05 16:32:58.0882 0732 ================================================================================
2011/05/05 16:32:58.0882 0732 Scan started
2011/05/05 16:32:58.0882 0732 Mode: Manual;
2011/05/05 16:32:58.0882 0732 ================================================================================
2011/05/05 16:32:59.0412 0732 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/05 16:32:59.0506 0732 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/05 16:32:59.0615 0732 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/05 16:32:59.0646 0732 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/05 16:32:59.0709 0732 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/05 16:32:59.0787 0732 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/05 16:32:59.0943 0732 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/05 16:33:00.0052 0732 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/05 16:33:00.0099 0732 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/05 16:33:00.0130 0732 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/05 16:33:00.0504 0732 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/05 16:33:00.0707 0732 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/05 16:33:00.0769 0732 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/05 16:33:00.0801 0732 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/05 16:33:00.0863 0732 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/05 16:33:00.0910 0732 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/05 16:33:00.0972 0732 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/05 16:33:01.0019 0732 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/05 16:33:01.0081 0732 athr (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys
2011/05/05 16:33:01.0253 0732 atikmdag (6f2cc6403012375385d556bf39382b74) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/05 16:33:01.0347 0732 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/05/05 16:33:01.0378 0732 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/05/05 16:33:01.0425 0732 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/05/05 16:33:01.0456 0732 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/05/05 16:33:01.0549 0732 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/05 16:33:01.0612 0732 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/05 16:33:01.0705 0732 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/05 16:33:01.0768 0732 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/05 16:33:01.0799 0732 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/05 16:33:01.0830 0732 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/05 16:33:01.0877 0732 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/05 16:33:01.0893 0732 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/05 16:33:01.0939 0732 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/05 16:33:01.0971 0732 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/05 16:33:02.0017 0732 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/05 16:33:02.0064 0732 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/05 16:33:02.0142 0732 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/05 16:33:02.0189 0732 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/05 16:33:02.0236 0732 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/05 16:33:02.0283 0732 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/05 16:33:02.0329 0732 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/05 16:33:02.0345 0732 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/05 16:33:02.0376 0732 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/05 16:33:02.0407 0732 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/05 16:33:02.0485 0732 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/05 16:33:02.0548 0732 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
2011/05/05 16:33:02.0657 0732 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/05 16:33:02.0922 0732 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/05 16:33:03.0031 0732 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/05 16:33:03.0094 0732 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/05/05 16:33:03.0141 0732 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/05 16:33:03.0219 0732 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/05 16:33:03.0297 0732 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/05 16:33:03.0343 0732 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/05 16:33:03.0437 0732 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/05 16:33:03.0515 0732 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/05 16:33:03.0562 0732 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/05 16:33:03.0609 0732 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/05 16:33:03.0655 0732 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/05 16:33:03.0702 0732 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/05 16:33:03.0733 0732 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/05 16:33:03.0796 0732 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/05 16:33:04.0045 0732 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/05 16:33:04.0092 0732 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/05 16:33:04.0139 0732 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/05 16:33:04.0233 0732 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/05 16:33:04.0279 0732 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/05 16:33:04.0326 0732 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/05 16:33:04.0357 0732 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/05 16:33:04.0420 0732 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/05 16:33:04.0482 0732 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/05 16:33:04.0545 0732 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/05 16:33:04.0576 0732 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/05 16:33:04.0623 0732 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/05 16:33:04.0685 0732 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/05 16:33:04.0716 0732 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/05 16:33:04.0794 0732 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/05 16:33:04.0950 0732 IntcAzAudAddService (ffb0b713a54dd05193dbcd0b790b37ee) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/05 16:33:05.0200 0732 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/05 16:33:05.0262 0732 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/05 16:33:05.0325 0732 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/05 16:33:05.0371 0732 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/05 16:33:05.0403 0732 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/05 16:33:05.0465 0732 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/05/05 16:33:05.0496 0732 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/05 16:33:05.0543 0732 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/05 16:33:05.0590 0732 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/05 16:33:05.0621 0732 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/05 16:33:05.0652 0732 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/05 16:33:05.0699 0732 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/05/05 16:33:05.0730 0732 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/05 16:33:05.0777 0732 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/05/05 16:33:05.0855 0732 KeyScrambler (8f1bb80d589affb9c5e9cd7544251b29) C:\Windows\system32\drivers\keyscrambler.sys
2011/05/05 16:33:05.0933 0732 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/05 16:33:06.0089 0732 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/05 16:33:06.0198 0732 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/05 16:33:06.0245 0732 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/05 16:33:06.0261 0732 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/05 16:33:06.0307 0732 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/05 16:33:06.0354 0732 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/05 16:33:06.0385 0732 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/05 16:33:06.0417 0732 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/05 16:33:06.0432 0732 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/05 16:33:06.0463 0732 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/05 16:33:06.0479 0732 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/05 16:33:06.0495 0732 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/05 16:33:06.0526 0732 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/05 16:33:06.0557 0732 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/05 16:33:06.0604 0732 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/05 16:33:06.0666 0732 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/05 16:33:06.0697 0732 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/05 16:33:06.0713 0732 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/05 16:33:06.0729 0732 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/05 16:33:06.0760 0732 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/05 16:33:06.0791 0732 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/05 16:33:06.0822 0732 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/05 16:33:06.0838 0732 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/05 16:33:06.0869 0732 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/05 16:33:06.0900 0732 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/05 16:33:06.0916 0732 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/05 16:33:06.0963 0732 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/05 16:33:06.0978 0732 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/05 16:33:07.0009 0732 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/05 16:33:07.0072 0732 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/05 16:33:07.0119 0732 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/05 16:33:07.0181 0732 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/05 16:33:07.0228 0732 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/05 16:33:07.0259 0732 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/05 16:33:07.0275 0732 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/05 16:33:07.0290 0732 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/05 16:33:07.0321 0732 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/05 16:33:07.0493 0732 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/05 16:33:07.0649 0732 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/05 16:33:07.0696 0732 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/05 16:33:07.0727 0732 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/05/05 16:33:07.0758 0732 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/05 16:33:07.0821 0732 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/05 16:33:07.0899 0732 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
2011/05/05 16:33:07.0930 0732 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/05 16:33:07.0945 0732 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/05 16:33:07.0961 0732 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/05 16:33:07.0977 0732 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/05 16:33:08.0008 0732 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/05 16:33:08.0070 0732 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/05 16:33:08.0101 0732 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/05 16:33:08.0133 0732 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/05 16:33:08.0164 0732 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/05 16:33:08.0195 0732 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/05 16:33:08.0226 0732 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/05 16:33:08.0273 0732 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/05 16:33:08.0335 0732 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/05 16:33:08.0398 0732 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/05 16:33:08.0413 0732 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/05 16:33:08.0460 0732 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/05 16:33:08.0538 0732 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/05 16:33:08.0601 0732 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/05 16:33:08.0772 0732 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/05 16:33:08.0803 0732 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/05 16:33:08.0835 0732 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/05 16:33:08.0850 0732 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/05 16:33:08.0866 0732 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/05 16:33:08.0897 0732 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/05 16:33:08.0913 0732 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/05 16:33:08.0959 0732 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/05 16:33:08.0975 0732 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/05 16:33:08.0991 0732 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/05 16:33:09.0037 0732 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/05 16:33:09.0069 0732 RTHDMIAzAudService (4a8393f03cb2f40e08126d83916c5633) C:\Windows\system32\drivers\RtHDMIV.sys
2011/05/05 16:33:09.0131 0732 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/05 16:33:09.0162 0732 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/05 16:33:09.0193 0732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/05 16:33:09.0225 0732 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/05 16:33:09.0240 0732 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/05 16:33:09.0271 0732 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/05 16:33:09.0287 0732 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/05 16:33:09.0318 0732 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/05 16:33:09.0334 0732 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/05 16:33:09.0381 0732 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/05 16:33:09.0427 0732 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/05 16:33:09.0459 0732 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/05 16:33:09.0505 0732 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/05 16:33:09.0661 0732 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/05 16:33:09.0786 0732 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/05 16:33:09.0817 0732 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/05 16:33:09.0833 0732 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/05 16:33:09.0849 0732 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/05 16:33:09.0895 0732 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
2011/05/05 16:33:09.0927 0732 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/05 16:33:09.0958 0732 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/05 16:33:09.0973 0732 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/05 16:33:10.0005 0732 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/05 16:33:10.0051 0732 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/05 16:33:10.0114 0732 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/05 16:33:10.0161 0732 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/05 16:33:10.0192 0732 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/05 16:33:10.0223 0732 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/05 16:33:10.0239 0732 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/05 16:33:10.0285 0732 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/05 16:33:10.0317 0732 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/05 16:33:10.0363 0732 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/05 16:33:10.0410 0732 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/05 16:33:10.0426 0732 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/05 16:33:10.0457 0732 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/05 16:33:10.0504 0732 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/05/05 16:33:10.0582 0732 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/05 16:33:10.0613 0732 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/05 16:33:10.0644 0732 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/05 16:33:10.0675 0732 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/05 16:33:10.0722 0732 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/05 16:33:10.0753 0732 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/05 16:33:10.0800 0732 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/05 16:33:10.0847 0732 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/05 16:33:10.0878 0732 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/05 16:33:10.0941 0732 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/05 16:33:10.0956 0732 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/05 16:33:10.0987 0732 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/05 16:33:11.0034 0732 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/05 16:33:11.0097 0732 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/05 16:33:11.0128 0732 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/05 16:33:11.0143 0732 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/05 16:33:11.0175 0732 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/05 16:33:11.0206 0732 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/05 16:33:11.0237 0732 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/05 16:33:11.0268 0732 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/05 16:33:11.0299 0732 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/05 16:33:11.0315 0732 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/05 16:33:11.0362 0732 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/05 16:33:11.0393 0732 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/05 16:33:11.0533 0732 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/05 16:33:11.0658 0732 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/05 16:33:11.0752 0732 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/05 16:33:11.0783 0732 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 16:33:11.0783 0732 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 16:33:11.0814 0732 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/05 16:33:11.0861 0732 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/05 16:33:11.0908 0732 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/05 16:33:11.0955 0732 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/05 16:33:12.0001 0732 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/05 16:33:12.0064 0732 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/05 16:33:12.0298 0732 ================================================================================
2011/05/05 16:33:12.0298 0732 Scan finished
2011/05/05 16:33:12.0298 0732 ================================================================================

cosinus · 05.05.2011, 19:11

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Flodi · 05.05.2011, 21:36

ComboFix Log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-04.04 - Florian 05.05.2011  22:12:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2327 [GMT 2:00]
ausgeführt von:: c:\users\Florian\Desktop\cofi.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-05 bis 2011-05-05  ))))))))))))))))))))))))))))))
.
.
2011-05-05 19:45 . 2011-05-05 19:45	--------	d-----w-	c:\program files\CCleaner
2011-05-04 18:48 . 2011-05-04 18:48	--------	d-----w-	C:\_OTL
2011-04-29 14:54 . 2011-04-29 14:54	--------	d-----w-	c:\users\Florian\AppData\Roaming\QFX Software
2011-04-29 14:54 . 2011-04-29 14:54	--------	d-----w-	c:\programdata\QFX Software
2011-04-28 13:25 . 2011-04-28 13:25	--------	d-----w-	c:\program files\Common Files\Java
2011-04-27 15:26 . 2011-04-27 15:26	--------	d-----w-	c:\windows\Sun
2011-04-27 15:21 . 2011-02-02 19:40	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-04-27 15:21 . 2011-04-28 13:23	--------	d-----w-	c:\program files\Java
2011-04-27 08:44 . 2011-04-27 11:09	--------	d-----w-	c:\program files\Microsoft Silverlight
2011-04-27 08:26 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-27 08:26 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 08:26 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-26 19:53 . 2011-04-26 19:53	--------	d-----w-	c:\users\Florian\AppData\Local\WindowsUpdate
2011-04-26 18:43 . 2011-04-26 18:43	--------	d-----w-	c:\program files\7-Zip
2011-04-26 14:02 . 2011-04-26 14:02	--------	d-----w-	c:\users\Florian\AppData\Roaming\Malwarebytes
2011-04-26 14:02 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 14:02 . 2011-04-26 14:02	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-26 14:02 . 2011-04-26 14:02	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-26 14:02 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-26 14:00 . 2011-04-28 17:26	--------	d-----w-	c:\program files\GridinSoft Trojan Killer
2011-04-26 12:24 . 2011-04-26 12:28	--------	d-----w-	c:\users\Florian\AppData\Roaming\Canon
2011-04-26 12:18 . 2011-04-26 12:18	--------	d-----w-	c:\programdata\CanonIJ
2011-04-26 12:16 . 2011-04-26 12:16	--------	d-----w-	c:\windows\system32\CanonIJ Uninstaller Information
2011-04-26 12:16 . 2010-12-17 12:49	438272	----a-w-	c:\windows\system32\CNQ2414L.dll
2011-04-26 12:16 . 2010-03-18 15:12	1335296	----a-w-	c:\windows\system32\CNQ2414C.dll
2011-04-26 12:16 . 2010-03-18 15:12	114688	----a-w-	c:\windows\system32\CNQ2414I.dll
2011-04-26 12:16 . 2010-03-18 15:11	106496	----a-w-	c:\windows\system32\CNQ2414U.dll
2011-04-26 12:16 . 2008-08-25 16:02	15872	----a-w-	c:\windows\system32\CNHMCA.dll
2011-04-26 12:16 . 2010-03-11 08:56	180224	----a-w-	c:\windows\system32\CNQ2414Y.dll
2011-04-26 12:16 . 2010-06-03 04:12	94208	----a-w-	c:\windows\system32\CNQ2414O.dll
2011-04-26 12:15 . 2011-04-26 12:17	--------	d-----w-	c:\program files\Canon
2011-04-26 12:12 . 2011-05-03 07:10	--------	d-----w-	c:\program files\SamsungPrinterLiveUpdate
2011-04-26 12:12 . 2009-09-11 07:47	19968	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\sst3cpc.dll
2011-04-26 12:11 . 2009-09-11 07:47	26624	----a-w-	c:\windows\system32\sst3cl3.dll
2011-04-26 12:11 . 2009-09-11 07:46	151552	----a-w-	c:\windows\system32\sst3cci.exe
2011-04-26 12:11 . 2009-09-11 07:46	65536	----a-w-	c:\windows\system32\sst3cci.dll
2011-04-26 12:11 . 2009-09-10 08:49	49152	----a-w-	c:\windows\system32\ssusbpn.dll
2011-04-26 12:11 . 2009-09-10 08:49	81920	----a-w-	c:\windows\system32\ssdevm.dll
2011-04-26 12:10 . 2009-09-10 08:49	38160	----a-w-	c:\windows\system32\msxml2r.dll
2011-04-26 12:10 . 2009-09-10 08:49	21776	----a-w-	c:\windows\system32\msxml2a.dll
2011-04-26 12:10 . 2009-09-10 08:49	701440	----a-w-	c:\windows\system32\msxml2.dll
2011-04-20 08:24 . 2011-04-20 08:24	--------	d-----w-	c:\program files\Safari
2011-04-20 08:23 . 2011-04-20 08:23	--------	d-----w-	c:\program files\iPod
2011-04-20 08:21 . 2011-04-20 08:21	--------	d-----w-	c:\program files\Bonjour
2011-04-20 08:18 . 2011-05-05 14:59	--------	d-----w-	c:\users\Florian\AppData\Roaming\Apple Computer
2011-04-20 08:18 . 2011-04-26 17:27	--------	d-----w-	c:\users\Florian\AppData\Local\Apple Computer
2011-04-20 08:18 . 2011-04-20 08:18	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-04-20 08:18 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-20 08:18 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2011-04-20 08:17 . 2011-04-20 08:23	--------	d-----w-	c:\program files\iTunes
2011-04-20 08:17 . 2011-04-20 08:18	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-20 08:17 . 2011-04-20 08:17	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-04-20 08:17 . 2011-04-20 08:17	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-04-20 08:17 . 2011-04-20 08:17	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-04-20 08:17 . 2011-04-20 08:17	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-04-20 08:17 . 2011-04-20 08:17	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-04-20 08:17 . 2011-04-20 08:17	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-04-20 08:17 . 2011-04-20 08:17	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-04-20 08:17 . 2011-04-20 08:17	--------	d-----w-	c:\program files\QuickTime
2011-04-20 08:17 . 2011-04-20 08:17	--------	d-----w-	c:\programdata\Apple Computer
2011-04-20 08:16 . 2011-04-20 08:16	--------	d-----w-	c:\users\Florian\AppData\Local\Apple
2011-04-20 08:16 . 2011-04-20 08:16	--------	d-----w-	c:\program files\Apple Software Update
2011-04-20 08:15 . 2011-04-20 08:23	--------	d-----w-	c:\program files\Common Files\Apple
2011-04-20 08:15 . 2011-04-20 08:19	--------	d-----w-	c:\programdata\Apple
2011-04-08 23:43 . 2011-04-08 23:43	--------	d-----w-	C:\$AVG
2011-04-08 05:21 . 2011-04-08 05:21	--------	d-----w-	c:\program files\Windows Portable Devices
2011-04-08 05:07 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2011-04-08 05:07 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2011-04-08 05:07 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2011-04-08 05:05 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-04-08 05:05 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2011-04-08 05:05 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-04-07 14:46 . 2011-01-20 16:08	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-04-07 14:46 . 2011-01-20 16:08	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-04-07 14:46 . 2011-01-20 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-04-07 14:46 . 2011-01-20 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2011-04-07 14:46 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-07 14:46 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-04-07 14:46 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-04-07 14:46 . 2011-01-20 16:08	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-04-07 14:46 . 2011-01-20 16:08	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-04-07 14:46 . 2011-01-20 14:28	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-04-07 14:46 . 2011-01-20 14:25	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-04-07 14:46 . 2011-01-20 14:11	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-04-07 14:46 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2011-04-07 07:53 . 2011-04-07 07:53	--------	d-----w-	c:\windows\system32\ca-ES
2011-04-07 07:53 . 2011-04-07 07:53	--------	d-----w-	c:\windows\system32\eu-ES
2011-04-07 07:53 . 2011-04-07 07:53	--------	d-----w-	c:\windows\system32\vi-VN
2011-04-07 06:41 . 2011-04-07 06:41	--------	d-----w-	c:\windows\system32\EventProviders
2011-04-07 06:39 . 2009-04-11 06:28	1589248	----a-w-	c:\windows\system32\msjet40.dll
2011-04-07 06:38 . 2009-04-11 06:28	83968	----a-w-	c:\windows\system32\wbem\wmiutils.dll
2011-04-07 06:38 . 2009-04-11 06:28	744448	----a-w-	c:\windows\system32\wbem\wbemcore.dll
2011-04-07 06:38 . 2009-04-11 06:28	30208	----a-w-	c:\windows\system32\wbem\wbemprox.dll
2011-04-07 06:38 . 2009-04-11 06:28	265728	----a-w-	c:\windows\system32\wbem\repdrvfs.dll
2011-04-07 06:38 . 2009-04-11 06:28	189440	----a-w-	c:\windows\system32\wbem\mofd.dll
2011-04-07 06:38 . 2009-04-11 06:28	614912	----a-w-	c:\windows\system32\wbem\fastprox.dll
2011-04-07 06:38 . 2009-04-11 06:28	265728	----a-w-	c:\windows\system32\wbem\esscli.dll
2011-04-07 06:38 . 2009-04-11 06:28	705536	----a-w-	c:\windows\system32\SmiEngine.dll
2011-04-07 06:38 . 2009-04-11 06:28	218624	----a-w-	c:\windows\system32\wdscore.dll
2011-04-07 06:38 . 2009-04-11 06:27	130560	----a-w-	c:\windows\system32\PkgMgr.exe
2011-04-07 06:38 . 2009-04-11 06:28	247808	----a-w-	c:\windows\system32\drvstore.dll
2011-04-06 21:41 . 2011-04-06 21:41	--------	d-----w-	C:\cf1ad56c0c2e95108f65cc4eaa072754
2011-04-06 21:40 . 2011-04-06 21:40	--------	d-----w-	c:\users\Florian\AppData\Roaming\OCS
2011-04-06 21:40 . 2011-04-06 21:40	--------	d-----w-	c:\program files\ICQ-Banner-Remover
2011-04-06 21:36 . 2011-04-06 21:36	--------	d-----w-	c:\program files\ICQ6Toolbar
2011-04-06 21:36 . 2011-04-06 21:36	--------	d-----w-	c:\programdata\ICQ
2011-04-06 21:36 . 2011-05-05 20:08	--------	d-----w-	c:\users\Florian\AppData\Roaming\ICQ
2011-04-06 21:36 . 2011-05-03 15:25	--------	d-----w-	c:\program files\ICQ7.4
2011-04-06 21:10 . 2011-04-29 14:53	--------	d-----w-	c:\program files\KeyScrambler
2011-04-06 21:10 . 2011-04-24 22:14	225856	----a-w-	c:\windows\system32\drivers\keyscrambler.sys
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	75040	----a-w-	c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-04-06 01:01 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2011-04-06 01:01 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2011-04-06 01:01 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2011-04-06 01:01 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2011-04-06 01:01 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 18:59 . 2011-04-26 18:59	33595	----a-w-	C:\7-Zip.zip
2011-04-26 18:46 . 2011-04-26 18:46	24408	----a-w-	C:\OTL Logs.zip
2011-04-04 02:20 . 2011-04-04 02:20	8704	----a-w-	c:\windows\system32\drivers\th-TH\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\uk-UA\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\tr-TR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	5120	----a-w-	c:\windows\system32\drivers\zh-TW\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	5120	----a-w-	c:\windows\system32\drivers\zh-HK\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	4608	----a-w-	c:\windows\system32\drivers\zh-CN\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8704	----a-w-	c:\windows\system32\drivers\ro-RO\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\sv-SE\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\sr-Latn-CS\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\sl-SI\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\sk-SK\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\ru-RU\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	9216	----a-w-	c:\windows\system32\drivers\nl-NL\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8704	----a-w-	c:\windows\system32\drivers\pt-PT\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8704	----a-w-	c:\windows\system32\drivers\pt-BR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8704	----a-w-	c:\windows\system32\drivers\pl-PL\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\nb-NO\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	7680	----a-w-	c:\windows\system32\drivers\lv-LV\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	7680	----a-w-	c:\windows\system32\drivers\lt-LT\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8704	----a-w-	c:\windows\system32\drivers\it-IT\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\hu-HU\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\hr-HR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	7680	----a-w-	c:\windows\system32\drivers\fi-FI\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	7168	----a-w-	c:\windows\system32\drivers\he-IL\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	5632	----a-w-	c:\windows\system32\drivers\ko-KR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	9216	----a-w-	c:\windows\system32\drivers\el-GR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\da-DK\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\bg-BG\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	7680	----a-w-	c:\windows\system32\drivers\et-EE\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	7680	----a-w-	c:\windows\system32\drivers\cs-CZ\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	7168	----a-w-	c:\windows\system32\drivers\ar-SA\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	6144	----a-w-	c:\windows\system32\drivers\ja-JP\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8704	----a-w-	c:\windows\system32\drivers\fr-FR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8704	----a-w-	c:\windows\system32\drivers\es-ES\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8704	----a-w-	c:\windows\system32\drivers\de-DE\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20	8192	----a-w-	c:\windows\system32\drivers\en-US\bthport.sys.mui
2011-04-03 17:59 . 2011-04-03 17:59	855	----a-w-	c:\windows\regfile_I.cmd
2011-04-03 17:59 . 2011-04-03 17:59	256	----a-w-	c:\windows\regfile_E.cmd
2011-04-03 17:55 . 2011-04-03 17:54	319456	----a-w-	c:\windows\DIFxAPI.dll
2011-04-03 17:17 . 2011-04-03 17:17	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-03 15:40 . 2011-04-27 08:26	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 08:26	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 08:26	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 08:26	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-18 14:36 . 2011-02-18 14:36	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-02-18 14:36 . 2011-02-18 14:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-04-29 14:48 . 2011-04-03 17:18	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-06 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-01-27 61440]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-03-18 618496]
"Ocs_SM"="c:\users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-04-06 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-734616948-2309867023-871678048-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-04-06 40960]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;WPFFontCache_v0400; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-03 218688]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-04-24 225856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0411&m=aspire_7735
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\jzhh8t6a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-05 22:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3048)
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Zeit der Fertigstellung: 2011-05-05  22:20:47
ComboFix-quarantined-files.txt  2011-05-05 20:20
.
Vor Suchlauf: 14 Verzeichnis(se), 207.400.288.256 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 207.346.147.328 Bytes frei
.
- - End Of File - - B9855B6610DF3D858437F53BDE9F5CC3

--- --- ---

cosinus · 06.05.2011, 09:51

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Flodi · 07.05.2011, 10:07

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-07 11:02:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: 62ng70rm.exe; Driver: C:\Users\Florian\AppData\Local\Temp\axliyfob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                      section is writeable [0x8E407000, 0x24DD0C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4856] ntdll.dll!LdrLoadDll                                                                       779993A8 5 Bytes  JMP 013C1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [00A71210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                       Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                       Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7735
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 152):
0x82435000 \SystemRoot\system32\ntkrnlpa.exe
0x82402000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80482000 \SystemRoot\system32\PSHED.dll
0x80493000 \SystemRoot\system32\BOOTVID.dll
0x8049B000 \SystemRoot\system32\CLFS.SYS
0x804DC000 \SystemRoot\system32\CI.dll
0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80698000 \SystemRoot\system32\drivers\acpi.sys
0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EF000 \SystemRoot\system32\drivers\pci.sys
0x80716000 \SystemRoot\System32\drivers\partmgr.sys
0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80732000 \SystemRoot\system32\drivers\volmgr.sys
0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079B000 \SystemRoot\System32\Drivers\UBHelper.sys
0x82A02000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82ADD000 \SystemRoot\system32\drivers\atapi.sys
0x82AE5000 \SystemRoot\system32\drivers\ataport.SYS
0x82B03000 \SystemRoot\system32\drivers\msahci.sys
0x82B0D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B1B000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B4D000 \SystemRoot\system32\drivers\fileinfo.sys
0x82B5D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A601000 \SystemRoot\system32\drivers\ndis.sys
0x8A70C000 \SystemRoot\system32\drivers\msrpc.sys
0x8A737000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A808000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8F2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB1E000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB57000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB5F000 \SystemRoot\System32\Drivers\mup.sys
0x8AB6E000 \SystemRoot\System32\drivers\ecache.sys
0x8AB95000 \SystemRoot\system32\drivers\disk.sys
0x8ABA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABC7000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABDD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ABE8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E406000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8E873000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E913000 \SystemRoot\System32\drivers\watchdog.sys
0x8E91F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E9AC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E9B7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ABF1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A772000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x8EC0E000 \SystemRoot\system32\DRIVERS\athr.sys
0x8ECFE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8ED02000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8ED15000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8ED1F000 \SystemRoot\System32\drivers\keyscrambler.sys
0x8ED55000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ED60000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ED91000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8ED93000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ED9E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EDB6000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x8EDBE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8EDC4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8EDCD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A7AC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x807A3000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EDDC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EDE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EC00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A7DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A9E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82BCE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x82BE2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x807E4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EC0B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805BC000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F00C000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x8F047000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F051000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F05E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F093000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F0A4000 \SystemRoot\system32\drivers\RtHDMIV.sys
0x8F0C8000 \SystemRoot\system32\drivers\portcls.sys
0x8F0F5000 \SystemRoot\system32\drivers\drmk.sys
0x9180B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91A45000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x91B6B000 \SystemRoot\system32\drivers\modem.sys
0x91B78000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91B81000 \SystemRoot\System32\Drivers\Null.SYS
0x91B88000 \SystemRoot\System32\Drivers\Beep.SYS
0x91B8F000 \SystemRoot\System32\drivers\vga.sys
0x91B9B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91BBC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91BC4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91BCC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91BD7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91BE5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F11A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F130000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F144000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F176000 \SystemRoot\system32\drivers\afd.sys
0x8F1BE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91BEE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F1D4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91C0A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91C46000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91C50000 \SystemRoot\System32\Drivers\dfsc.sys
0x91C67000 \SystemRoot\System32\Drivers\fastfat.SYS
0x91C8F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91CA4000 \SystemRoot\system32\DRIVERS\udfs.sys
0x91CDF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91CF6000 \SystemRoot\System32\Drivers\usbvideo.sys
0x91D17000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91D24000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x986C0000 \SystemRoot\System32\win32k.sys
0x91C00000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F1E7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x988E0000 \SystemRoot\System32\TSDDD.dll
0x98900000 \SystemRoot\System32\cdd.dll
0x8A90D000 \SystemRoot\system32\drivers\luafv.sys
0x8A928000 \SystemRoot\system32\drivers\spsys.sys
0x9C00A000 \SystemRoot\system32\DRIVERS\irda.sys
0x9C028000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C038000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C062000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C06C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C07F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9C095000 \SystemRoot\system32\drivers\HTTP.sys
0x9C102000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C11F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C138000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C14D000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C16E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C18D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C1C6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D004000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D02C000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D0A2000 \SystemRoot\system32\drivers\peauth.sys
0x9D180000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D18A000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x9D191000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D19D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9D1B2000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9D1C4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9D1CD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9D1DD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9D1E4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9D1EC000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x9D07B000 \??\C:\Users\Florian\AppData\Local\Temp\axliyfob.sys
0x77970000 \Windows\System32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
480 C:\Windows\System32\smss.exe
620 csrss.exe
684 C:\Windows\System32\wininit.exe
696 csrss.exe
728 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\Ati2evxx.exe
1144 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\audiodg.exe
1344 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\SLsvc.exe
1396 C:\Windows\System32\svchost.exe
1584 C:\Windows\System32\svchost.exe
1804 C:\Windows\System32\spoolsv.exe
1828 C:\Windows\System32\svchost.exe
1988 C:\Windows\System32\agrsmsvc.exe
2020 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2032 C:\Windows\System32\Ati2evxx.exe
124 C:\Program Files\Bonjour\mDNSResponder.exe
308 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
612 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
840 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1104 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1380 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
1620 C:\Windows\System32\svchost.exe
1864 C:\Users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2084 C:\Windows\System32\svchost.exe
2128 C:\Windows\System32\svchost.exe
2160 C:\Windows\System32\SearchIndexer.exe
2460 WUDFHost.exe
2712 C:\Windows\System32\taskeng.exe
3188 C:\Windows\System32\taskeng.exe
3248 C:\Windows\System32\dwm.exe
3344 C:\Windows\explorer.exe
3536 C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
3544 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3552 C:\Windows\PLFSetI.exe
3560 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3612 C:\Program Files\Launch Manager\LManager.exe
3724 C:\Windows\Samsung\PanelMgr\SSMMgr.exe
3756 C:\Program Files\iTunes\iTunesHelper.exe
3764 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3820 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3932 C:\Windows\System32\wbem\unsecapp.exe
4012 WmiPrvSE.exe
2112 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
2272 C:\Users\Florian\AppData\Local\temp\RtkBtMnt.exe
252 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2788 C:\Program Files\iPod\bin\iPodService.exe
3600 C:\Windows\System32\svchost.exe
4076 C:\Windows\System32\wbem\unsecapp.exe
3720 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
3060 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3972 C:\Windows\System32\wuauclt.exe
4856 C:\Program Files\Mozilla Firefox\firefox.exe
3148 C:\Users\Florian\Downloads\62ng70rm.exe
5540 C:\Windows\System32\SearchProtocolHost.exe
5204 C:\Windows\System32\SearchFilterHost.exe
5780 C:\Windows\System32\dllhost.exe
6020 C:\Users\Florian\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus · 07.05.2011, 15:16

Was ist mit OSAM? Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden!

Flodi · 08.05.2011, 09:03

Oh sorry, habe ich übersehen. Hier ist nun das OSAM-Log

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:00:32 on 08.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Florian\AppData\Local\Temp\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"KeyScrambler" (KeyScrambler) - "QFX Software Corporation" - C:\Windows\System32\drivers\keyscrambler.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B745F984-EF2E-40D6-A9AC-D8CED7230E61} "ClsidExtension" - "QFX Software Corporation" - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} "KeyScramblerBHO Class" - "QFX Software Corporation" - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
"ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AmIcoSinglun" - "AlcorMicro Co., Ltd." - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"Ocs_SM" - "OCS" - C:\Users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Samsung PanelMgr" - ? - C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"SST3C Langmon" - ? - C:\Windows\system32\sst3cl3.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\audiosrv.dll,-200" (Audiosrv) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll
"@%SystemRoot%\system32\audiosrv.dll,-204" (AudioEndpointBuilder) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - ? - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Acer" - C:\Windows\system32\Acer.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 08.05.2011, 13:46

Zitat:

298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922

Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Vista installiert?
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.

07.05.2011, 15:16	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner eingefangen: Windows Recovery Was ist mit OSAM? Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner eingefangen: Windows Recovery

Log-Analyse und Auswertung: Trojaner eingefangen: Windows Recovery