Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
-   -   syscron.exe - infizierte Dateien entfernt, nun löschen? (https://www.trojaner-board.de/88211-syscron-exe-infizierte-dateien-entfernt-loeschen.html)

TroBaz 15.07.2010 11:17
syscron.exe - infizierte Dateien entfernt, nun löschen?
 
BITTE verschieben..... habe aus lauter Nervosität leider das falsche Unterforum angeklickt!!!

Hallo zusammen

nach jahrelangem virenfreien Surfen hat es mich nun "endlich" auch erwischt.
Seit gestern befindet sich auch bei mir die nette Datei "sycron.exe" in meinem Autostart-Ordner, laut Google-Recherche ein "Trojan.Agent.Gen".

Vie CCleaner habe ich diesen Eintrag zumindest mal sofort deaktiviert, löschen via CCleaner (Autostarteinträge) war nicht möglich.

Als erstes habe ich mal MBAM drüber laufen lassen, das 4 Infektionen meldete, welche ich dann gelöscht habe, hier der Log:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4315

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.07.2010 11:09:38
mbam-log-2010-07-15 (11-09-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123837
Laufzeit: 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\***\AppData\Local\KBDUDeR.dll (Trojan.Agent.Gen) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\plaxuyegano (Trojan.Agent.Gen) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\KBDUDeR.dll (Trojan.Agent.Gen) -> Delete on reboot.
Nach einem Neustart passierte dann folgendes:
Fehlermeldung:
Zitat:
Problem beim starten von C:\Users\***\AppDataLocal\KBDUDeR.dll
das angegebene Modul wurde nicht gefunden
Dachte das liegt vielleicht an der ja noch vorhandenen syscron.exe im Autostart, obwohl die via CCleaner eigentlich deaktiviert ist, aber vielleicht nützt das ja nichts?

Daraufhin habe ich via CCleaner den "Startverweis" zur KBDUDeR durch die Registrysäuberung löschen können.

Kann ich jetzt einfach versuchen, die syscron.exe manuell aus dem Autostart zu löschen? Oder muss ich erst noch andere Dinge beachten?

Braucht ihr noch mehr Daten?
Der zweite Scan durch MBMA verlief übrigens "sauber".

Hier ausserdem der RSIT-Log nach der Anwendung von mbam:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-07-15 12:11:06
Microsoft Windows 7 Home Premium 
System drive C: has 16 GB (32%) free of 50 GB
Total RAM: 3327 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:10, on 15.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
D:\Sonstiges\PSI\psi.exe
D:\Internet\Malwarebytes' Anti-Malware\mbam.exe
D:\Sonstiges\CCleaner\CCleaner.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
D:\Internet\Seamonkey\seamonkey.exe
C:\Program Files\Opera\opera.exe
D:\Internet\Yahoo Messi\Messenger\YahooMessenger.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Downloads\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Internet\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: syscron.exe
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AUC Helper (AUCAutostartWinService) - Unknown owner - D:\Sonstiges\AUC\AUC Autostart.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Sonstiges\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - D:\Internet\Team Viewer\TeamViewer_Service.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 5103 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"VirtualCloneDrive"=C:\VirtualCloneDrive\VCDDaemon.exe [2009-01-30 52392]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-26 13789728]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-05-28 1468296]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-05-28 1501064]
""= []
"Malwarebytes Anti-Malware (reboot)"=D:\Internet\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
syscron.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-15 12:11:06 ----D---- C:\rsit
2010-07-15 12:11:06 ----D---- C:\Program Files\trend micro
2010-07-15 11:03:16 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-07-15 11:03:08 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-15 11:03:07 ----D---- C:\ProgramData\Malwarebytes
2010-07-15 11:03:07 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-15 10:47:37 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-15 10:47:37 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-15 10:47:37 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-15 10:47:37 ----A---- C:\Windows\system32\mscoree.dll
2010-07-15 10:47:37 ----A---- C:\Windows\system32\dfshim.dll
2010-07-15 10:45:00 ----D---- C:\Windows\pss
2010-07-15 10:45:00 ----A---- C:\Windows\system32\mshtml.dll
2010-07-15 10:44:58 ----A---- C:\Windows\system32\mstime.dll
2010-07-15 10:44:58 ----A---- C:\Windows\system32\ieframe.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\wininet.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\urlmon.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\jsproxy.dll
2010-07-15 10:44:57 ----A---- C:\Windows\system32\iedkcs32.dll
2010-07-15 10:44:54 ----A---- C:\Windows\system32\CPFilters.dll
2010-07-15 10:44:53 ----A---- C:\Windows\system32\msdri.dll
2010-07-15 10:44:50 ----A---- C:\Windows\system32\ntdll.dll
2010-07-15 10:44:49 ----A---- C:\Windows\system32\win32k.sys
2010-07-15 10:44:49 ----A---- C:\Windows\system32\asycfilt.dll
2010-07-15 10:44:47 ----A---- C:\Windows\system32\tzres.dll
2010-07-15 10:44:16 ----A---- C:\Windows\system32\atmlib.dll
2010-07-15 10:44:16 ----A---- C:\Windows\system32\atmfd.dll
2010-07-15 10:40:23 ----D---- C:\Users\***\AppData\Roaming\Intel Corporation
2010-07-14 17:10:04 ----D---- C:\Intel
2010-07-14 17:10:04 ----A---- C:\Windows\system32\drivers\iaStor.sys
2010-07-14 17:10:02 ----D---- C:\Users\***\AppData\Roaming\InstallShield
2010-07-14 17:10:02 ----D---- C:\Program Files\Intel
2010-07-14 17:09:54 ----D---- C:\Users\***\AppData\Roaming\WinBatch
2010-07-12 21:18:13 ----RA---- C:\Users\***\AppData\Roaming\IIF1i.txt
2010-07-08 23:34:54 ----D---- C:\Users\***\AppData\Roaming\gtk-2.0
2010-07-08 23:11:34 ----D---- C:\Users\***\AppData\Roaming\griffith
2010-07-08 22:42:34 ----A---- C:\Windows\system32\Zip32.dll
2010-07-08 22:42:34 ----A---- C:\Windows\system32\unzip32.dll
2010-07-08 22:42:34 ----A---- C:\Windows\system32\MediaInfo.dll
2010-07-08 22:42:31 ----AH---- C:\Windows\system32\ErrExplorer.dll
2010-07-08 22:42:30 ----A---- C:\Windows\system32\cmmx01.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\stdftde.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmut11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmpr11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmls11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmll11xl.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmll11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmdw11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmct11.dll
2010-07-08 22:42:29 ----A---- C:\Windows\system32\cmbr11.dll
2010-07-08 22:42:28 ----D---- C:\ProgramData\M-DVD.Org V2
2010-07-08 22:42:28 ----A---- C:\Windows\system32\VB6DE.dll
2010-07-08 20:16:27 ----D---- C:\Users\***\AppData\Roaming\AUC
2010-07-07 16:05:32 ----A---- C:\Windows\system32\drivers\psi_mf.sys
2010-07-01 14:00:37 ----D---- C:\Users\***\AppData\Roaming\Broad Intelligence

======List of files/folders modified in the last 1 months======

2010-07-15 12:11:10 ----D---- C:\Windows\Prefetch
2010-07-15 12:11:07 ----D---- C:\Windows\Temp
2010-07-15 12:11:06 ----RD---- C:\Program Files
2010-07-15 11:40:04 ----D---- C:\Windows\system32\config
2010-07-15 11:33:30 ----D---- C:\Windows\Microsoft.NET
2010-07-15 11:33:28 ----RSD---- C:\Windows\assembly
2010-07-15 11:27:01 ----D---- C:\Windows\winsxs
2010-07-15 11:26:37 ----D---- C:\Windows
2010-07-15 11:26:14 ----D---- C:\Windows\system32\drivers
2010-07-15 11:25:03 ----D---- C:\Windows\System32
2010-07-15 11:25:03 ----D---- C:\Windows\ehome
2010-07-15 11:25:03 ----D---- C:\Program Files\Internet Explorer
2010-07-15 11:25:02 ----D---- C:\Windows\system32\migration
2010-07-15 11:25:02 ----D---- C:\Windows\system32\de-DE
2010-07-15 11:25:02 ----D---- C:\Windows\AppPatch
2010-07-15 11:24:59 ----D---- C:\Windows\Vss
2010-07-15 11:03:07 ----HD---- C:\ProgramData
2010-07-15 10:47:41 ----SHD---- C:\System Volume Information
2010-07-15 10:47:40 ----D---- C:\Windows\system32\catroot
2010-07-15 10:47:33 ----D---- C:\Windows\system32\catroot2
2010-07-15 10:46:13 ----D---- C:\Windows\debug
2010-07-15 10:45:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-15 10:42:49 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-07-14 17:13:55 ----D---- C:\Users\***\AppData\Roaming\HpUpdate
2010-07-14 17:10:06 ----D---- C:\Windows\system32\DriverStore
2010-07-14 17:10:06 ----D---- C:\Windows\inf
2010-07-14 17:10:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-14 17:09:52 ----SHD---- C:\Windows\Installer
2010-07-14 17:09:51 ----D---- C:\Program Files\Hp
2010-07-14 17:09:35 ----D---- C:\Windows\twain_32
2010-07-13 23:12:38 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-07-13 20:14:14 ----AD---- C:\ProgramData\TEMP
2010-07-12 20:45:58 ----D---- C:\Users\***\AppData\Roaming\dvdcss
2010-07-10 16:09:48 ----D---- C:\Program Files\Mozilla Firefox
2010-07-09 22:12:29 ----D---- C:\Windows\system32\NDF
2010-07-08 20:17:37 ----D---- C:\Windows\system32\Tasks
2010-07-08 14:47:56 ----D---- C:\Program Files\Opera
2010-07-02 12:39:06 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; C:\Windows\system32\drivers\CLBStor.sys [2008-10-20 10368]
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-03 435736]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R2 CLBUDFR;CyberLink UDF Filesystem; C:\Windows\system32\drivers\CLBUDFR.sys [2008-10-20 154368]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 netr73;USB-Drahtlos-802.11 b/g-Adaptertreiber für Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-07-14 545792]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2009-05-28 30088]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-03-02 29184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 CrystalSysInfo;CrystalSysInfo; \??\D:\Multimedia\MediaCoder iPod Edition\SysInfo.sys [2007-09-25 15152]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 AUCAutostartWinService;AUC Helper; D:\Sonstiges\AUC\AUC Autostart.exe [2010-05-27 97792]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-07-30 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NMSAccessU;NMSAccessU; D:\Sonstiges\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-26 211488]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TeamViewer4;TeamViewer 4; D:\Internet\Team Viewer\TeamViewer_Service.exe [2009-03-23 185640]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]

-----------------EOF-----------------
Vielen Dank schon mal für die Hilfe

(Und das alles, nachdem ich gestern und vorgestern alle meine über 200 Passwörter geändert habe... :headbang:)

cosinus 15.07.2010 15:00
Hallo und :hallo:

bitte nen Vollscan mit malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

TroBaz 19.07.2010 14:36
Vielen Dank für die Antwort und für das Wilkommen. Kann mich leider erst jetzt melden (habe seit vorgestern 2 junge Kätzchen, und die lassen mir kaum Zeit für den PC)

Unter Windows habe ich nach wie vor nach Systemstart eine Virenmeldung von Antivir, dass ich im Roaming/Temp-Ordner ein Trojaner befindet, nach Löschung, komtt ein neuer (mit anderem Dateinamen)

Hier die geforderten Logs:

Vollscan Malewarebytes
Code:
Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org



Datenbank Version: 4315



Windows 6.1.7600

Internet Explorer 8.0.7600.16385



16.07.2010 17:56:27

mbam-log-2010-07-16 (17-56-27).txt



Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|K:\|)

Durchsuchte Objekte: 356329

Laufzeit: 1 Stunde(n), 44 Minute(n), 4 Sekunde(n)



Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 6



Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)



Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)



Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)



Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)



Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)



Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)



Infizierte Dateien:

E:\Documents\Sonstiges\Funny Things\Funny Mails\Exe\***.exe (Joke.VV) -> Quarantined and deleted successfully.

E:\Downloads\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

E:\Downloads\ZwinkySetup2.3.67.1.ZJman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

I:\Sonstiges\run with parameters\rwparam-1.1.1-setup.exe (Malware.Packer) -> Quarantined and deleted successfully.

I:\System\runwithparameters.exe (Malware.Packer) -> Quarantined and deleted successfully.

I:\Internet\Anonymität\proxyi.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
Meldung 1 ist mir klar.. die Dateil besitze ich seit Jahren, und ist leidglich ein kleines Joke-Programm.
Die beiden Dateien in Downloads machen mich stutzig, Antivir hatte damals beim Download nichts festgestellt.
nrevös machen mich die beiden "run with parameters", welche "offensichtlich" in der Explorer-Ansicht (auch unter Linux) überhaupt nicht vorhanden sind...

Hier noch die OLT Logs:
Code:
OTL logfile created on: 16.07.2010 18:01:59 - Run 1

OTL by OldTimer - Version 3.2.9.0    Folder = E:\Downloads

 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48.73 Gb Total Space | 15.20 Gb Free Space | 31.19% Space Free | Partition Type: NTFS

Drive D: | 112.70 Gb Total Space | 110.44 Gb Free Space | 98.00% Space Free | Partition Type: NTFS

Drive E: | 97.66 Gb Total Space | 89.94 Gb Free Space | 92.10% Space Free | Partition Type: NTFS

Drive F: | 390.62 Gb Total Space | 361.05 Gb Free Space | 92.43% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

Drive H: | 23.05 Gb Total Space | 23.02 Gb Free Space | 99.88% Space Free | Partition Type: UDF

Drive I: | 149.88 Gb Total Space | 75.54 Gb Free Space | 50.40% Space Free | Partition Type: NTFS

Drive K: | 83.01 Gb Total Space | 57.44 Gb Free Space | 69.20% Space Free | Partition Type: NTFS

 

Computer Name: PC

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - E:\Downloads\OTL.exe (OldTimer Tools)

PRC - D:\Sonstiges\PSI\psi.exe (Secunia)

PRC - C:\Programme\Opera\opera.exe (Opera Software)

PRC - D:\Sonstiges\AUC\AUC Autostart.exe ()

PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - D:\Internet\Team Viewer\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

PRC - D:\Sonstiges\CDBurnerXP\NMSAccessU.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - E:\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (AUCAutostartWinService) -- D:\Sonstiges\AUC\AUC Autostart.exe ()

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (TeamViewer4) -- D:\Internet\Team Viewer\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (NMSAccessU) -- D:\Sonstiges\CDBurnerXP\NMSAccessU.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)

DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (CLBUDFR) -- C:\Windows\System32\drivers\CLBUDFR.sys (CyberLink Corporation.)

DRV - (CLBStor) -- C:\Windows\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)

DRV - (CrystalSysInfo) -- D:\Multimedia\MediaCoder iPod Edition\SysInfo.sys ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 73 E2 08 43 C0 CA 01  [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8

FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:1.0.0.12

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.99

FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503

FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4

FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1

FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4

FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.14 17:08:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.10 16:09:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.10 16:09:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: D:\Internet\Seamonkey\components [2010.07.08 12:33:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: D:\Internet\Seamonkey\plugins [2010.07.08 12:33:51 | 000,000,000 | ---D | M]

 

[2010.04.15 13:43:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2010.03.04 18:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.04.15 13:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}

[2010.07.12 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions

[2010.03.04 19:20:41 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

[2010.03.04 19:20:40 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2010.03.04 19:20:40 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}

[2010.07.09 14:26:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010.04.17 23:08:20 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}

[2010.03.04 19:20:40 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2010.05.12 11:30:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010.04.17 23:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{BFB5F154-9212-46F3-B547-AC6106030A54}

[2010.07.12 20:14:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.04.09 11:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

[2010.07.09 14:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2010.06.05 12:43:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010.07.09 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\foxmarks@kei.com

[2010.04.09 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\screencaptureelite@plugin

[2010.04.16 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\YoutubeDownloader@PeterOlayev.com

[2010.07.16 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions

[2010.07.08 18:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2010.04.16 18:13:51 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2010.04.17 13:03:27 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

[2010.07.08 18:06:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010.07.15 11:47:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.04.15 14:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

[2010.06.04 13:30:35 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010.04.15 14:49:33 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}

[2010.04.15 14:49:27 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}

[2010.07.15 11:47:14 | 000,000,000 | ---D | M] (Display Mail User Agent) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548F8}

[2010.04.15 14:49:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\closy@gemal.dk

[2010.06.04 13:30:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\custombuttons@xsms.org

[2010.07.08 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\formhistory@yahoo.com

[2010.07.08 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\inspector@mozilla.org

[2010.07.15 11:47:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\QuickPasswords@axelg.com

[2010.02.26 14:23:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.07.10 16:09:46 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.07.10 16:09:46 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.07.10 16:09:46 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.07.10 16:09:46 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.07.10 16:09:46 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Internet\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [VirtualCloneDrive] C:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.03.29 01:41:00 | 000,000,039 | ---- | M] () - I:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{10b47047-077c-11df-b041-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{10b47047-077c-11df-b041-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010.07.16 17:01:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games

[2010.07.16 16:36:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET

[2010.07.16 16:08:31 | 000,000,000 | ---D | C] -- C:\Programme\Vertrix 2

[2010.07.15 12:11:06 | 000,000,000 | ---D | C] -- C:\Programme\trend micro

[2010.07.15 12:11:06 | 000,000,000 | ---D | C] -- C:\rsit

[2010.07.15 11:03:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2010.07.15 11:03:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.07.15 11:03:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.07.15 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.07.15 10:47:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010.07.15 10:47:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010.07.15 10:47:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010.07.15 10:45:00 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010.07.15 10:44:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010.07.15 10:44:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010.07.15 10:44:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010.07.15 10:44:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010.07.15 10:44:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll

[2010.07.15 10:44:53 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll

[2010.07.15 10:44:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2010.07.15 10:44:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2010.07.15 10:44:49 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010.07.15 10:44:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010.07.15 10:44:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010.07.15 10:44:16 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010.07.15 10:44:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010.07.15 10:40:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Intel Corporation

[2010.07.14 17:10:04 | 000,000,000 | ---D | C] -- C:\Intel

[2010.07.14 17:10:02 | 000,000,000 | ---D | C] -- C:\Programme\Intel

[2010.07.14 17:10:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield

[2010.07.14 17:09:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinBatch

[2010.07.13 10:48:44 | 000,000,000 | ---D | C] -- e:\Documents\Neu

[2010.07.13 10:48:08 | 000,000,000 | ---D | C] -- e:\Documents\pdf24

[2010.07.09 00:01:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\posters

[2010.07.08 23:34:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2010.07.08 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\griffith

[2010.07.08 22:42:34 | 002,945,024 | ---- | C] (hxxp://mediainfo.sourceforge.net) -- C:\Windows\System32\MediaInfo.dll

[2010.07.08 22:42:34 | 000,141,312 | ---- | C] (Info-ZIP) -- C:\Windows\System32\Zip32.dll

[2010.07.08 22:42:34 | 000,102,400 | ---- | C] (Info-ZIP) -- C:\Windows\System32\unzip32.dll

[2010.07.08 22:42:31 | 000,061,440 | -H-- | C] (SynApp GmbH) -- C:\Windows\System32\ErrExplorer.dll

[2010.07.08 22:42:30 | 000,688,640 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmmx01.dll

[2010.07.08 22:42:30 | 000,414,720 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll1100.lng

[2010.07.08 22:42:30 | 000,349,184 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11pw.llx

[2010.07.08 22:42:30 | 000,165,584 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11o.ocx

[2010.07.08 22:42:29 | 002,899,968 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11.dll

[2010.07.08 22:42:29 | 001,399,296 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmct11.dll

[2010.07.08 22:42:29 | 001,378,304 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmls11.dll

[2010.07.08 22:42:29 | 000,893,952 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmbr11.dll

[2010.07.08 22:42:29 | 000,739,328 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmdw11.dll

[2010.07.08 22:42:29 | 000,684,032 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11xl.dll

[2010.07.08 22:42:29 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx

[2010.07.08 22:42:29 | 000,489,128 | ---- | C] (ComponentOne) -- C:\Windows\System32\Vsflex7.ocx

[2010.07.08 22:42:29 | 000,416,528 | ---- | C] (Microsoft Corporation ) -- C:\Windows\System32\comct332.ocx

[2010.07.08 22:42:29 | 000,351,232 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmpr11.dll

[2010.07.08 22:42:29 | 000,337,920 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmut11.dll

[2010.07.08 22:42:29 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx

[2010.07.08 22:42:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stdftde.dll

[2010.07.08 22:42:28 | 001,009,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mschrt20.ocx

[2010.07.08 22:42:28 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX

[2010.07.08 22:42:28 | 000,166,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmask32.ocx

[2010.07.08 22:42:28 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx

[2010.07.08 22:42:28 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.dll

[2010.07.08 22:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\M-DVD.Org V2

[2010.07.08 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AUC

[2010.07.07 16:05:32 | 000,014,904 | ---- | C] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

[2010.07.01 14:00:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Broad Intelligence

 

========== Files - Modified Within 30 Days ==========

 

[2010.07.16 17:59:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.07.16 17:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.07.16 17:58:58 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys

[2010.07.16 17:58:09 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT

[2010.07.16 17:57:59 | 006,093,368 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db

[2010.07.16 16:38:19 | 002,278,190 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.07.16 16:38:19 | 000,621,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.07.16 16:38:19 | 000,008,816 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.07.16 16:03:31 | 000,000,668 | ---- | M] () -- C:\Users\***\Desktop\Waldmeister Sause Winteredition (Gratisversion).lnk

[2010.07.16 15:56:56 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010.07.16 15:56:56 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010.07.15 11:53:05 | 000,023,612 | ---- | M] () -- C:\Users\***\Desktop\cab_banane.jpg

[2010.07.15 11:26:42 | 000,303,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010.07.15 11:03:10 | 000,000,662 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.14 17:08:43 | 000,023,687 | ---- | M] () -- C:\Windows\hpqins15.dat

[2010.07.13 10:44:41 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2010.07.12 22:45:56 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ABC Amber SeaMonkey Converter.lnk

[2010.07.11 15:09:51 | 000,000,673 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk

[2010.07.09 16:07:07 | 000,000,218 | ---- | M] () -- C:\Users\***\.recently-used.xbel

[2010.07.09 00:02:10 | 000,032,603 | ---- | M] () -- C:\Users\***\Desktop\griffith_list.xml

[2010.07.09 00:01:59 | 000,013,876 | ---- | M] () -- C:\Users\***\Desktop\page_1.htm

[2010.07.09 00:01:59 | 000,001,799 | ---- | M] () -- C:\Users\***\Desktop\gray.css

[2010.07.09 00:00:52 | 000,004,239 | ---- | M] () -- C:\Users\***\Desktop\griffith_simple_list.pdf

[2010.07.08 23:11:23 | 000,000,630 | ---- | M] () -- C:\Users\***\Desktop\Griffith.lnk

[2010.07.08 23:00:50 | 002,064,384 | ---- | M] () -- e:\Documents\M-DVD_Org.db

[2010.07.08 22:42:36 | 000,000,743 | ---- | M] () -- C:\Users\***\Desktop\M-DVD.Org V2.lnk

[2010.07.08 20:18:43 | 000,000,678 | ---- | M] () -- C:\Users\***\Desktop\Magic MP3 Tagger.lnk

[2010.07.08 13:35:44 | 000,000,036 | ---- | M] () -- C:\Users\***\.33a11c88

[2010.07.07 16:05:32 | 000,014,904 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

[2010.06.30 18:04:43 | 000,029,520 | ---- | M] () -- e:\Documents\Gmail - ***.mht

 

========== Files Created - No Company Name ==========

 

[2010.07.16 16:03:31 | 000,000,668 | ---- | C] () -- C:\Users\***\Desktop\Waldmeister Sause Winteredition (Gratisversion).lnk

[2010.07.15 11:53:05 | 000,023,612 | ---- | C] () -- C:\Users\***\Desktop\cab_banane.jpg

[2010.07.15 11:03:10 | 000,000,662 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.14 17:08:11 | 000,023,687 | ---- | C] () -- C:\Windows\hpqins15.dat

[2010.07.13 10:44:41 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2010.07.12 22:45:56 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ABC Amber SeaMonkey Converter.lnk

[2010.07.12 21:18:13 | 000,000,000 | R--- | C] () -- C:\Users\***\AppData\Roaming\IIF1i.txt

[2010.07.11 15:09:51 | 000,000,673 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk

[2010.07.09 16:07:07 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel

[2010.07.09 14:33:27 | 000,029,520 | ---- | C] () -- e:\Documents\Gmail - ***.mht

[2010.07.09 00:02:10 | 000,032,603 | ---- | C] () -- C:\Users\***\Desktop\griffith_list.xml

[2010.07.09 00:01:59 | 000,013,876 | ---- | C] () -- C:\Users\***\Desktop\page_1.htm

[2010.07.09 00:01:59 | 000,001,799 | ---- | C] () -- C:\Users\***\Desktop\gray.css

[2010.07.09 00:00:52 | 000,004,239 | ---- | C] () -- C:\Users\***\Desktop\griffith_simple_list.pdf

[2010.07.08 23:11:23 | 000,000,630 | ---- | C] () -- C:\Users\***\Desktop\Griffith.lnk

[2010.07.08 22:52:40 | 002,064,384 | ---- | C] () -- e:\Documents\M-DVD_Org.db

[2010.07.08 22:42:36 | 000,000,743 | ---- | C] () -- C:\Users\***\Desktop\M-DVD.Org V2.lnk

[2010.07.08 22:42:34 | 000,675,840 | ---- | C] () -- C:\Windows\System32\AudioGenie2.ocx

[2010.07.08 22:42:30 | 001,161,492 | ---- | C] () -- C:\Windows\System32\cmLL1100.chm

[2010.07.08 22:42:30 | 000,425,984 | ---- | C] () -- C:\Windows\System32\cmmx0100.lng

[2010.07.08 20:18:43 | 000,000,678 | ---- | C] () -- C:\Users\***\Desktop\Magic MP3 Tagger.lnk

[2010.07.08 13:35:44 | 000,000,036 | ---- | C] () -- C:\Users\***\.33a11c88

[2010.04.05 17:32:41 | 000,000,295 | ---- | C] () -- C:\Windows\lgfwup.ini

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:D4BB0AD6

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:35A81752

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:B1FBA7E1

@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:66AA0486

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:ED2998F5

< End of report >
Und "Extras":
Code:
OTL logfile created on: 16.07.2010 18:01:59 - Run 1

OTL by OldTimer - Version 3.2.9.0    Folder = E:\Downloads

 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48.73 Gb Total Space | 15.20 Gb Free Space | 31.19% Space Free | Partition Type: NTFS

Drive D: | 112.70 Gb Total Space | 110.44 Gb Free Space | 98.00% Space Free | Partition Type: NTFS

Drive E: | 97.66 Gb Total Space | 89.94 Gb Free Space | 92.10% Space Free | Partition Type: NTFS

Drive F: | 390.62 Gb Total Space | 361.05 Gb Free Space | 92.43% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

Drive H: | 23.05 Gb Total Space | 23.02 Gb Free Space | 99.88% Space Free | Partition Type: UDF

Drive I: | 149.88 Gb Total Space | 75.54 Gb Free Space | 50.40% Space Free | Partition Type: NTFS

Drive K: | 83.01 Gb Total Space | 57.44 Gb Free Space | 69.20% Space Free | Partition Type: NTFS

 

Computer Name: PC

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - E:\Downloads\OTL.exe (OldTimer Tools)

PRC - D:\Sonstiges\PSI\psi.exe (Secunia)

PRC - C:\Programme\Opera\opera.exe (Opera Software)

PRC - D:\Sonstiges\AUC\AUC Autostart.exe ()

PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - D:\Internet\Team Viewer\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

PRC - D:\Sonstiges\CDBurnerXP\NMSAccessU.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - E:\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (AUCAutostartWinService) -- D:\Sonstiges\AUC\AUC Autostart.exe ()

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (TeamViewer4) -- D:\Internet\Team Viewer\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (NMSAccessU) -- D:\Sonstiges\CDBurnerXP\NMSAccessU.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)

DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (CLBUDFR) -- C:\Windows\System32\drivers\CLBUDFR.sys (CyberLink Corporation.)

DRV - (CLBStor) -- C:\Windows\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)

DRV - (CrystalSysInfo) -- D:\Multimedia\MediaCoder iPod Edition\SysInfo.sys ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 73 E2 08 43 C0 CA 01  [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8

FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:1.0.0.12

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.99

FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503

FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4

FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1

FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4

FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.14 17:08:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.10 16:09:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.10 16:09:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: D:\Internet\Seamonkey\components [2010.07.08 12:33:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: D:\Internet\Seamonkey\plugins [2010.07.08 12:33:51 | 000,000,000 | ---D | M]

 

[2010.04.15 13:43:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2010.03.04 18:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.04.15 13:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}

[2010.07.12 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions

[2010.03.04 19:20:41 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

[2010.03.04 19:20:40 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2010.03.04 19:20:40 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}

[2010.07.09 14:26:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010.04.17 23:08:20 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}

[2010.03.04 19:20:40 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2010.05.12 11:30:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010.04.17 23:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{BFB5F154-9212-46F3-B547-AC6106030A54}

[2010.07.12 20:14:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.04.09 11:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

[2010.07.09 14:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2010.06.05 12:43:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010.07.09 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\foxmarks@kei.com

[2010.04.09 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\screencaptureelite@plugin

[2010.04.16 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g0dei4ie.default\extensions\YoutubeDownloader@PeterOlayev.com

[2010.07.16 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions

[2010.07.08 18:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2010.04.16 18:13:51 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2010.04.17 13:03:27 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

[2010.07.08 18:06:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010.07.15 11:47:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.04.15 14:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

[2010.06.04 13:30:35 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010.04.15 14:49:33 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}

[2010.04.15 14:49:27 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}

[2010.07.15 11:47:14 | 000,000,000 | ---D | M] (Display Mail User Agent) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548F8}

[2010.04.15 14:49:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\closy@gemal.dk

[2010.06.04 13:30:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\custombuttons@xsms.org

[2010.07.08 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\formhistory@yahoo.com

[2010.07.08 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\inspector@mozilla.org

[2010.07.15 11:47:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\z48c90l4.default\extensions\QuickPasswords@axelg.com

[2010.02.26 14:23:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.07.10 16:09:46 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.07.10 16:09:46 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.07.10 16:09:46 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.07.10 16:09:46 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.07.10 16:09:46 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Internet\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [VirtualCloneDrive] C:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.03.29 01:41:00 | 000,000,039 | ---- | M] () - I:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{10b47047-077c-11df-b041-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{10b47047-077c-11df-b041-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010.07.16 17:01:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games

[2010.07.16 16:36:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET

[2010.07.16 16:08:31 | 000,000,000 | ---D | C] -- C:\Programme\Vertrix 2

[2010.07.15 12:11:06 | 000,000,000 | ---D | C] -- C:\Programme\trend micro

[2010.07.15 12:11:06 | 000,000,000 | ---D | C] -- C:\rsit

[2010.07.15 11:03:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2010.07.15 11:03:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.07.15 11:03:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.07.15 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.07.15 10:47:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010.07.15 10:47:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010.07.15 10:47:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010.07.15 10:45:00 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010.07.15 10:44:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010.07.15 10:44:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010.07.15 10:44:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010.07.15 10:44:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010.07.15 10:44:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll

[2010.07.15 10:44:53 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll

[2010.07.15 10:44:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2010.07.15 10:44:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2010.07.15 10:44:49 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010.07.15 10:44:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010.07.15 10:44:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010.07.15 10:44:16 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010.07.15 10:44:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010.07.15 10:40:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Intel Corporation

[2010.07.14 17:10:04 | 000,000,000 | ---D | C] -- C:\Intel

[2010.07.14 17:10:02 | 000,000,000 | ---D | C] -- C:\Programme\Intel

[2010.07.14 17:10:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield

[2010.07.14 17:09:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinBatch

[2010.07.13 10:48:44 | 000,000,000 | ---D | C] -- e:\Documents\Neu

[2010.07.13 10:48:08 | 000,000,000 | ---D | C] -- e:\Documents\pdf24

[2010.07.09 00:01:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\posters

[2010.07.08 23:34:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2010.07.08 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\griffith

[2010.07.08 22:42:34 | 002,945,024 | ---- | C] (hxxp://mediainfo.sourceforge.net) -- C:\Windows\System32\MediaInfo.dll

[2010.07.08 22:42:34 | 000,141,312 | ---- | C] (Info-ZIP) -- C:\Windows\System32\Zip32.dll

[2010.07.08 22:42:34 | 000,102,400 | ---- | C] (Info-ZIP) -- C:\Windows\System32\unzip32.dll

[2010.07.08 22:42:31 | 000,061,440 | -H-- | C] (SynApp GmbH) -- C:\Windows\System32\ErrExplorer.dll

[2010.07.08 22:42:30 | 000,688,640 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmmx01.dll

[2010.07.08 22:42:30 | 000,414,720 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll1100.lng

[2010.07.08 22:42:30 | 000,349,184 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11pw.llx

[2010.07.08 22:42:30 | 000,165,584 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11o.ocx

[2010.07.08 22:42:29 | 002,899,968 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11.dll

[2010.07.08 22:42:29 | 001,399,296 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmct11.dll

[2010.07.08 22:42:29 | 001,378,304 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmls11.dll

[2010.07.08 22:42:29 | 000,893,952 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmbr11.dll

[2010.07.08 22:42:29 | 000,739,328 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmdw11.dll

[2010.07.08 22:42:29 | 000,684,032 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmll11xl.dll

[2010.07.08 22:42:29 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx

[2010.07.08 22:42:29 | 000,489,128 | ---- | C] (ComponentOne) -- C:\Windows\System32\Vsflex7.ocx

[2010.07.08 22:42:29 | 000,416,528 | ---- | C] (Microsoft Corporation ) -- C:\Windows\System32\comct332.ocx

[2010.07.08 22:42:29 | 000,351,232 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmpr11.dll

[2010.07.08 22:42:29 | 000,337,920 | ---- | C] (combit GmbH) -- C:\Windows\System32\cmut11.dll

[2010.07.08 22:42:29 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx

[2010.07.08 22:42:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stdftde.dll

[2010.07.08 22:42:28 | 001,009,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mschrt20.ocx

[2010.07.08 22:42:28 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX

[2010.07.08 22:42:28 | 000,166,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmask32.ocx

[2010.07.08 22:42:28 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx

[2010.07.08 22:42:28 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.dll

[2010.07.08 22:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\M-DVD.Org V2

[2010.07.08 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AUC

[2010.07.07 16:05:32 | 000,014,904 | ---- | C] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

[2010.07.01 14:00:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Broad Intelligence

 

========== Files - Modified Within 30 Days ==========

 

[2010.07.16 17:59:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.07.16 17:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.07.16 17:58:58 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys

[2010.07.16 17:58:09 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT

[2010.07.16 17:57:59 | 006,093,368 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db

[2010.07.16 16:38:19 | 002,278,190 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.07.16 16:38:19 | 000,621,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.07.16 16:38:19 | 000,008,816 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.07.16 16:03:31 | 000,000,668 | ---- | M] () -- C:\Users\***\Desktop\Waldmeister Sause Winteredition (Gratisversion).lnk

[2010.07.16 15:56:56 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010.07.16 15:56:56 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010.07.15 11:53:05 | 000,023,612 | ---- | M] () -- C:\Users\***\Desktop\cab_banane.jpg

[2010.07.15 11:26:42 | 000,303,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010.07.15 11:03:10 | 000,000,662 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.14 17:08:43 | 000,023,687 | ---- | M] () -- C:\Windows\hpqins15.dat

[2010.07.13 10:44:41 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2010.07.12 22:45:56 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ABC Amber SeaMonkey Converter.lnk

[2010.07.11 15:09:51 | 000,000,673 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk

[2010.07.09 16:07:07 | 000,000,218 | ---- | M] () -- C:\Users\***\.recently-used.xbel

[2010.07.09 00:02:10 | 000,032,603 | ---- | M] () -- C:\Users\***\Desktop\griffith_list.xml

[2010.07.09 00:01:59 | 000,013,876 | ---- | M] () -- C:\Users\***\Desktop\page_1.htm

[2010.07.09 00:01:59 | 000,001,799 | ---- | M] () -- C:\Users\***\Desktop\gray.css

[2010.07.09 00:00:52 | 000,004,239 | ---- | M] () -- C:\Users\***\Desktop\griffith_simple_list.pdf

[2010.07.08 23:11:23 | 000,000,630 | ---- | M] () -- C:\Users\***\Desktop\Griffith.lnk

[2010.07.08 23:00:50 | 002,064,384 | ---- | M] () -- e:\Documents\M-DVD_Org.db

[2010.07.08 22:42:36 | 000,000,743 | ---- | M] () -- C:\Users\***\Desktop\M-DVD.Org V2.lnk

[2010.07.08 20:18:43 | 000,000,678 | ---- | M] () -- C:\Users\***\Desktop\Magic MP3 Tagger.lnk

[2010.07.08 13:35:44 | 000,000,036 | ---- | M] () -- C:\Users\***\.33a11c88

[2010.07.07 16:05:32 | 000,014,904 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

[2010.06.30 18:04:43 | 000,029,520 | ---- | M] () -- e:\Documents\Gmail - ***.mht

 

========== Files Created - No Company Name ==========

 

[2010.07.16 16:03:31 | 000,000,668 | ---- | C] () -- C:\Users\***\Desktop\Waldmeister Sause Winteredition (Gratisversion).lnk

[2010.07.15 11:53:05 | 000,023,612 | ---- | C] () -- C:\Users\***\Desktop\cab_banane.jpg

[2010.07.15 11:03:10 | 000,000,662 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.14 17:08:11 | 000,023,687 | ---- | C] () -- C:\Windows\hpqins15.dat

[2010.07.13 10:44:41 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2010.07.12 22:45:56 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ABC Amber SeaMonkey Converter.lnk

[2010.07.12 21:18:13 | 000,000,000 | R--- | C] () -- C:\Users\***\AppData\Roaming\IIF1i.txt

[2010.07.11 15:09:51 | 000,000,673 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk

[2010.07.09 16:07:07 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel

[2010.07.09 14:33:27 | 000,029,520 | ---- | C] () -- e:\Documents\Gmail - ***.mht

[2010.07.09 00:02:10 | 000,032,603 | ---- | C] () -- C:\Users\***\Desktop\griffith_list.xml

[2010.07.09 00:01:59 | 000,013,876 | ---- | C] () -- C:\Users\***\Desktop\page_1.htm

[2010.07.09 00:01:59 | 000,001,799 | ---- | C] () -- C:\Users\***\Desktop\gray.css

[2010.07.09 00:00:52 | 000,004,239 | ---- | C] () -- C:\Users\***\Desktop\griffith_simple_list.pdf

[2010.07.08 23:11:23 | 000,000,630 | ---- | C] () -- C:\Users\***\Desktop\Griffith.lnk

[2010.07.08 22:52:40 | 002,064,384 | ---- | C] () -- e:\Documents\M-DVD_Org.db

[2010.07.08 22:42:36 | 000,000,743 | ---- | C] () -- C:\Users\***\Desktop\M-DVD.Org V2.lnk

[2010.07.08 22:42:34 | 000,675,840 | ---- | C] () -- C:\Windows\System32\AudioGenie2.ocx

[2010.07.08 22:42:30 | 001,161,492 | ---- | C] () -- C:\Windows\System32\cmLL1100.chm

[2010.07.08 22:42:30 | 000,425,984 | ---- | C] () -- C:\Windows\System32\cmmx0100.lng

[2010.07.08 20:18:43 | 000,000,678 | ---- | C] () -- C:\Users\***\Desktop\Magic MP3 Tagger.lnk

[2010.07.08 13:35:44 | 000,000,036 | ---- | C] () -- C:\Users\***\.33a11c88

[2010.04.05 17:32:41 | 000,000,295 | ---- | C] () -- C:\Windows\lgfwup.ini

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:D4BB0AD6

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:35A81752

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:B1FBA7E1

@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:66AA0486

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:ED2998F5

< End of report >
So vielen Dank schon mal für die Hilfe. Bin nun mit Linux unterwegs und finde mich mit dem GEdanken ab, dass ich vermutlich alle 200 Passwörter wieder erneut umändern muss....

LG

cosinus 19.07.2010 21:40
Ist rel. unauffällig, am besten jetzt mal CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

TroBaz 20.07.2010 11:00
Moin Moin

Hach.. die "syscron.exe" ist nun weg und die besagte Virenmeldung nach Systemstart ebenfalls *freu*

Hier nun der Log von ComboFix:
Code:
ComboFix 10-07-19.02 - *** 20.07.2010  11:44:28.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.41.1031.18.3327.2406 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe
c:\windows\system32\VB6KO.DLL
c:\windows\system32\zip32.dll
I:\Autorun.inf

.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-20 bis 2010-07-20  ))))))))))))))))))))))))))))))
.

2010-07-20 09:49 . 2010-07-20 09:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-16 15:01 . 2010-07-16 15:02        --------        d-----w-        c:\users\***\AppData\Local\Microsoft Games
2010-07-16 14:36 . 2010-07-16 14:36        --------        d-----w-        c:\program files\Microsoft.NET
2010-07-16 14:08 . 2010-07-16 14:08        --------        d-----w-        c:\program files\Vertrix 2
2010-07-15 10:11 . 2010-07-15 10:11        --------        d-----w-        C:\rsit
2010-07-15 10:11 . 2010-07-15 10:11        --------        d-----w-        c:\program files\trend micro
2010-07-15 09:03 . 2010-07-15 09:03        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2010-07-15 09:03 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 09:03 . 2010-07-15 09:03        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-15 09:03 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-15 08:47 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-07-15 08:47 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-07-15 08:47 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-07-15 08:47 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-07-15 08:47 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-07-15 08:40 . 2010-07-15 08:40        --------        d-----w-        c:\users\***\AppData\Roaming\Intel Corporation
2010-07-14 15:10 . 2010-07-14 15:10        --------        d-----w-        C:\Intel
2010-07-14 15:10 . 2010-07-14 15:10        --------        d-----w-        c:\program files\Intel
2010-07-14 15:10 . 2010-07-14 15:10        --------        d-----w-        c:\users\***\AppData\Roaming\InstallShield
2010-07-14 15:09 . 2010-07-14 15:09        --------        d-----w-        c:\users\***\AppData\Roaming\WinBatch
2010-07-14 15:08 . 2010-07-14 15:08        23687        ----a-w-        c:\windows\hpqins15.dat
2010-07-08 21:34 . 2010-07-08 22:02        --------        d-----w-        c:\users\***\AppData\Roaming\gtk-2.0
2010-07-08 21:11 . 2010-07-09 19:51        --------        d-----w-        c:\users\***\AppData\Roaming\griffith
2010-07-08 18:16 . 2010-07-09 13:05        --------        d-----w-        c:\users\***\AppData\Roaming\AUC
2010-07-08 17:38 . 2009-05-26 16:43        1710392        ------w-        c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-07-07 14:05 . 2010-07-07 14:05        14904        ----a-w-        c:\windows\system32\drivers\psi_mf.sys
2010-07-01 12:00 . 2010-07-01 12:00        --------        d-----w-        c:\users\***\AppData\Roaming\Broad Intelligence

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 14:38 . 2009-07-14 08:47        621350        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-16 14:38 . 2009-07-14 08:47        2278190        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-14 15:13 . 2010-03-05 15:58        --------        d-----w-        c:\users\***\AppData\Roaming\HpUpdate
2010-07-14 15:10 . 2010-04-05 15:29        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-14 15:09 . 2010-03-05 15:58        --------        d-----w-        c:\program files\Hp
2010-07-13 21:12 . 2010-04-06 09:44        --------        d-----w-        c:\users\***\AppData\Roaming\vlc
2010-07-13 20:27 . 2010-01-23 18:53        1        ----a-w-        c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-12 18:45 . 2010-01-23 14:07        --------        d-----w-        c:\users\***\AppData\Roaming\dvdcss
2010-07-08 20:42 . 2010-07-08 20:42        --------        d-----w-        c:\programdata\M-DVD.Org V2
2010-07-08 12:47 . 2010-03-13 22:11        --------        d-----w-        c:\program files\Opera
2010-05-27 07:24 . 2010-07-15 08:44        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-07-15 08:44        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2010-01-22 17:55        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-07-15 08:44        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-05-09 09:14 . 2010-07-15 08:44        641536        ----a-w-        c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-07-15 08:44        417792        ----a-w-        c:\windows\system32\msdri.dll
2010-05-01 14:49 . 2010-07-15 08:44        2326528        ----a-w-        c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-07-15 08:44        2048        ----a-w-        c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VirtualCloneDrive"="c:\virtualclonedrive\VCDDaemon.exe" [2009-01-29 52392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 13789728]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-28 1501064]
"Malwarebytes Anti-Malware (reboot)"="d:\internet\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 AUCAutostartWinService;AUC Helper;d:\sonstiges\AUC\AUC Autostart.exe [2010-05-27 97792]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
S0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 CLBUDFR;CyberLink UDF Filesystem; [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 TeamViewer4;TeamViewer 4;d:\internet\Team Viewer\TeamViewer_Service.exe [2009-03-23 185640]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 netr73;USB-Drahtlos-802.11 b/g-Adaptertreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService        REG_MULTI_SZ          HPSLPSVC
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 08:39        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g0dei4ie.default\
FF - plugin: d:\internet\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\multimedia\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\multimedia\VLC Player\npvlc.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-07-20  11:50:27
ComboFix-quarantined-files.txt  2010-07-20 09:50

Vor Suchlauf: 10 Verzeichnis(se), 16'242'094'080 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 16'157'777'920 Bytes frei

- - End Of File - - D5BE7C4A6F08C07F33644BABBD7A53F0
Kann man irgendwie rausfinden, ob der Virus nach aussen hin aktiv war? Wegen Password-Erneuerung... wenn er das nicht war, spare ich mir halt ziemlich Arbeit... ;-)

Und hast du ne Ahnung, wie resp. woher ich mir den aufgeschnappt haben könnte? (Ich glaub ich steig zum Surfen nun doch wieder komplett auf Linux um..... ;) )

Vielen Dank für die Bemühungen und liebe Grüsse

cosinus 21.07.2010 17:19
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

TroBaz 24.07.2010 13:30
Liste der Anhänge anzeigen (Anzahl: 1)
TZia, da sind leider Veränderungen im MBR (hab jetzt aber noch nichts weiter gemacht...)
Aber erst mal der Reihe nach:

Der Log von GMER:
GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-24 14:12:42
Windows 6.1.7600
Running: lzgp7gun.exe; Driver: C:\Users\***\AppData\Local\Temp\ugrdifoc.sys


---- System - GMER 1.0.15 ----

SSDT            8054ECEC                                                                                          ZwCreateThread
SSDT            8054ECD8                                                                                          ZwOpenProcess
SSDT            8054ECDD                                                                                          ZwOpenThread
SSDT            8054ECE7                                                                                          ZwTerminateProcess

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          83041AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          83041104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          830413F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          8302A2D8
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          83029898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          830411DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          83041958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          830416F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          83041F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)          830421A8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                    82C5A599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82C7EF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                82C8685C 4 Bytes  [EC, EC, 54, 80]
.text          ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                82C869F8 4 Bytes  [D8, EC, 54, 80]
.text          ntkrnlpa.exe!RtlSidHashLookup + 508                                                                82C86A18 4 Bytes  JMP D7B5479F
.text          ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                82C86CC8 4 Bytes  [E7, EC, 54, 80]
.text          peauth.sys                                                                                        A181CC9D 28 Bytes  [4F, 22, CE, 95, 6A, D6, 09, ...]
.text          peauth.sys                                                                                        A181CCC1 28 Bytes  [4F, 22, CE, 95, 6A, D6, 09, ...]
PAGE            peauth.sys                                                                                        A1822E20 101 Bytes  [A4, F0, 9F, C8, 9D, 08, 94, ...]
PAGE            peauth.sys                                                                                        A182302C 102 Bytes  [07, F5, A5, 14, BE, 26, 27, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [73D02494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]              [73CE5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [73CE56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                    [73D0250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]          [73CF8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]            [73CF4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [73CF50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]          [73CF51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [73CF66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [73CF82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]      [73CF8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]    [73CF907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]          [73CFE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]              [73CF4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume12                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume13                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume14                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume15                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume11                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:4180]                                                                                    A209FF2E

---- EOF - GMER 1.0.15 ----
--- --- ---


Der Log von OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:19:05 on 24.07.2010

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Opera Software Opera Internet Browser 10.60

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"CrystalSysInfo" (CrystalSysInfo) - ? - D:\Multimedia\MediaCoder iPod Edition\SysInfo.sys  (File found, but it contains no detailed information)
"CyberLink InstantBurn UDF Reader Help Driver" (CLBStor) - "Cyberlink Co.,Ltd." - C:\Windows\system32\drivers\CLBStor.sys
"CyberLink UDF Filesystem" (CLBUDFR) - "CyberLink Corporation." - C:\Windows\system32\drivers\CLBUDFR.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugrdifoc" (ugrdifoc) - ? - C:\Users\***\AppData\Local\Temp\ugrdifoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Multimedia\iTunes\iTunesMiniPlayer.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Office\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\VirtualCloneDrive\ElbyVCDShell.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"itype" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Internet\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AUC Helper" (AUCAutostartWinService) - ? - D:\Sonstiges\AUC\AUC Autostart.exe  (File found, but it contains no detailed information)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMSAccessU" (NMSAccessU) - ? - D:\Sonstiges\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - D:\Internet\Team Viewer\TeamViewer_Service.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Und im Anhang das Ausgabefenster vom bootkit REmover

Soll ich da jetzt was spezielles machen?

LG

cosinus 26.07.2010 14:45
Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren!
Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:
Code:
remover.exe dump \\.\PhysicalDrive0 c:\mbr.dat
Lad danach die neu erstellte Datei c:\mbr.dat bitte bei uns hoch => http://www.trojaner-board.de/54791-a...ner-board.html

TroBaz 27.07.2010 11:47
Vielen Dank für die schnellen und kompetenten Reaktionen!

Die MBR.dat is nun hochgeladen!

LG

cosinus 27.07.2010 13:29
Dann jetzt wieder die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:
Code:
remover.exe fix \\.\PhysicalDrive0

TroBaz 27.07.2010 15:05
OK, erledigt... GRUB zerschossen *grins*, MBR musste neu repariert werden von Windows, nu muss ich erst mal GRUB nach installieren...
Wollte sowieso System neu aufsetzen, aber zu erst wollte ich dringend in Erfahrung bringen, was ich mir da für ein Mistvieh eingefangen habe, und wie ich es wieder los werde.

Muss ich jetzt wieder was scannen, oder ist es nun wirklich weg? Und wie gesagt: Weiss man schon was näheres, woher er kommt und wie der Virus "per se " heisst?

Danke vielmal und liebe Grüsse

cosinus 27.07.2010 15:21
Oh, Du hast ja Linux auch drauf, dann ist der MBR natürlich anders :headbang:

Zitat:
aber zu erst wollte ich dringend in Erfahrung bringen, was ich mir da für ein Mistvieh eingefangen habe, und wie ich es wieder los werde.
Was genau der Schädling macht kann ich Dir nicht sagen. Das wissen nur die Virenautoren.

TroBaz 27.07.2010 15:31
Zitat:
Was genau der Schädling macht kann ich Dir nicht sagen. Das wissen nur die Virenautoren.
DAVON ging ich auch nicht aus, dass du das kannst :lach:, aber vielleicht weisst du ja sonst was über den bösen Buben da.. hätte ja sein können

Brauchst du sonst noch irgendwas für die Analysen und so? Oder kann man davon ausgehen, dass Virus nun weg ist? Nicht das ich jetzt mit einem Re-Install vom GRUB alles versemmel

cosinus 27.07.2010 15:39
Zitat:
Nicht das ich jetzt mit einem Re-Install vom GRUB alles versemmel
Das musst Du ja machen, damit Linux wieder bootet...

Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

TroBaz 27.07.2010 17:26
Mist... da is schon wieder was...

HIer die Logs:
Malwarebytes
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4357

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.07.2010 17:43:52
mbam-log-2010-07-27 (17-43-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 302593
Laufzeit: 52 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\usernt.dat (Malware.Trace) -> No action taken.
Die besagte Datei wurde danach mittels Programm gelöscht

und hier der "cleane" Super-Log:
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 07/27/2010 bei 06:20 PM

Version der Applikation : 4.41.1000

Version der Kern-Datenbank : 5272
Version der Spur-Datenbank : 3084

Scan Art      : kompletter Scann
Totale Scann-Zeit : 00:33:43

Gescannte Speicherelemente  : 316
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 8018
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 38139
Erfasste Datei-Elemente  : 0
Dankefein und lieben Gruss!


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:12 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19