Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner: TAN-Abfrage beim Targobank-Onlinebanking (https://www.trojaner-board.de/115991-trojaner-tan-abfrage-beim-targobank-onlinebanking.html)

Chrizzie 30.05.2012 09:40
Trojaner: TAN-Abfrage beim Targobank-Onlinebanking
 
Liste der Anhänge anzeigen (Anzahl: 1)
Guten Morgen,

meine Frau hat sich auf ihrem Rechner was eingefangen; nach dem Einloggen beim Onlinebanking sollte sie ihre gesamte TAN-Liste abtippen - was sie natürlich nicht gemacht hat. Den Bankingzugang hat sie erst mal sperren lassen, und dann war ich an der Reihe.

- Nachdem sich in diesem Board auch schon einige ähnliche Threads fanden, habe ich Malwarebytes Anti-Malware drüberlaufen lassen. Hier der erste Log:

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.30.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
*** :: ***-PC [Administrator]

Schutz: Aktiviert

30.05.2012 07:41:26
mbam-log-2012-05-30 (07-41-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267129
Laufzeit: 32 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\System32\cmdow.exe (PUP.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
- Die infizierte Datei durch Anti-Malware entfernen lassen. Dann der 2. Suchlauf:

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.30.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
*** :: ***-PC [Administrator]

Schutz: Aktiviert

30.05.2012 08:26:49
mbam-log-2012-05-30 (08-26-49).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 145495
Laufzeit: 1 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
- Defogger erfolgreich ausgeführt.

- OTL ausgeführt. Hier die OTL.txt:

Code:
OTL logfile created on: 30.05.2012 09:05:40 - Run 1
OTL by OldTimer - Version 3.2.44.0    Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,62% Memory free
3,99 Gb Paging File | 3,04 Gb Available in Paging File | 76,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91,51 Gb Total Space | 42,86 Gb Free Space | 46,83% Space Free | Partition Type: NTFS
Drive D: | 20,27 Gb Total Space | 12,50 Gb Free Space | 61,66% Space Free | Partition Type: FAT32
Drive F: | 7,55 Gb Total Space | 6,97 Gb Free Space | 92,30% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.30 08:51:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.10.15 09:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 09:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.09.20 08:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007.09.12 18:48:08 | 000,032,768 | ---- | M] () -- C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe
PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.26 18:37:22 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\s3trayp.exe
PRC - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe
PRC - [2007.04.04 11:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe
PRC - [2007.03.28 00:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe
PRC - [2007.03.06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe
PRC - [2006.05.29 13:40:46 | 000,266,240 | ---- | M] () -- C:\Windows\System32\ESB.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.12 18:48:08 | 000,032,768 | ---- | M] () -- C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe
MOD - [2007.06.22 13:59:38 | 000,077,824 | ---- | M] () -- C:\Windows\System32\glspef.ax
MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006.05.29 13:40:46 | 000,266,240 | ---- | M] () -- C:\Windows\System32\ESB.EXE
MOD - [2005.05.04 19:12:46 | 000,028,672 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.03 19:20:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:35:13 | 000,122,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.01.21 04:34:00 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.21 04:33:46 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2006.06.01 21:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.01 00:41:55 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2008.07.06 20:59:11 | 000,223,424 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.21 04:33:22 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008.01.21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008.01.21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008.01.21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:32:51 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008.01.21 04:32:51 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008.01.21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:32:50 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008.01.21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:32:49 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008.01.21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:32:48 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008.01.21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:32:47 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:32:45 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008.01.21 04:32:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008.01.21 04:32:45 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008.01.21 04:32:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008.01.21 04:32:23 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008.01.21 04:32:22 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008.01.21 04:32:22 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008.01.21 04:32:22 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008.01.21 04:32:21 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008.01.21 04:32:21 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008.01.21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008.01.21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.21 04:32:21 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2008.01.21 04:32:21 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008.01.21 04:32:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2007.07.20 09:59:44 | 000,791,040 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP)
DRV - [2007.06.26 13:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.18 16:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007.03.29 15:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2001.12.20 22:54:56 | 000,011,372 | ---- | M] (Copyright (C) Grand Tech Corp. ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\GT680x.SYS -- (GT680x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=googlemail"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30109.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 19:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.30 21:09:37 | 000,000,000 | ---D | M]
 
[2011.04.20 22:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.21 17:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions
[2012.02.05 20:40:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 17:49:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.20 15:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.05 20:31:12 | 000,128,458 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OY07AAK.DEFAULT\EXTENSIONS\BETTERFACEBOOK@MATTKRUSE.COM.XPI
[2011.11.08 23:40:42 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OY07AAK.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI
[2012.05.03 19:20:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.11 20:58:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 20:58:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.11 20:58:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 20:58:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 20:58:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 20:58:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ESB] C:\Windows\System32\ESB.EXE ()
O4 - HKLM..\Run: [GenePccMon.exe] C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe ()
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Esfoycohu] C:\Users\***\AppData\Roaming\Qafiic\ystoi.exe (IEInspector Software)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} hxxp://www.arcor.de/vod/dmd/WMDownload.cab (InetDownload Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DDB1FDD-F9EC-4C97-9B70-22795AAC9605}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bce53fdf-c1d9-11dd-88e1-0040d0e87494}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
O33 - MountPoints2\{cf2db268-5cbb-11e1-afa4-0040d0e87494}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2db268-5cbb-11e1-afa4-0040d0e87494}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.30 09:03:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.30 07:38:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.05.30 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.30 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.30 07:38:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.30 07:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.25 19:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft-Support für
[2012.05.25 19:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qafiic
[2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ibqoz
[2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ablum
[2012.05.03 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 19:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.30 09:04:19 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.05.30 08:52:11 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\qw9e5be1.exe
[2012.05.30 08:51:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.30 08:51:01 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.30 08:24:41 | 000,628,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.30 08:24:41 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.30 08:24:41 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.30 08:24:41 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.30 08:20:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 08:20:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 08:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.30 08:20:14 | 2011,291,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.30 07:38:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.29 21:34:25 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job
 
========== Files Created - No Company Name ==========
 
[2012.05.30 09:04:19 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.05.30 09:03:35 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\qw9e5be1.exe
[2012.05.30 09:03:35 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.30 07:38:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.10.19 20:59:17 | 000,164,349 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.10.19 20:59:04 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
 
========== LOP Check ==========
 
[2012.05.30 07:10:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ablum
[2010.04.01 21:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cl-Soft
[2012.05.30 08:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.02.05 21:34:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.02.05 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.06 20:37:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.02.05 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.05.23 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ibqoz
[2012.05.23 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qafiic
[2010.05.19 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SparweltGutschein
[2008.07.06 22:29:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.05.30 08:19:26 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.29 21:34:25 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job
 
========== Purity Check ==========
 
 

< End of report >
und noch die Extras.txt:

Code:
OTL logfile created on: 30.05.2012 09:05:40 - Run 1
OTL by OldTimer - Version 3.2.44.0    Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,62% Memory free
3,99 Gb Paging File | 3,04 Gb Available in Paging File | 76,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91,51 Gb Total Space | 42,86 Gb Free Space | 46,83% Space Free | Partition Type: NTFS
Drive D: | 20,27 Gb Total Space | 12,50 Gb Free Space | 61,66% Space Free | Partition Type: FAT32
Drive F: | 7,55 Gb Total Space | 6,97 Gb Free Space | 92,30% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.30 08:51:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.10.15 09:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 09:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.09.20 08:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007.09.12 18:48:08 | 000,032,768 | ---- | M] () -- C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe
PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.26 18:37:22 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\s3trayp.exe
PRC - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe
PRC - [2007.04.04 11:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe
PRC - [2007.03.28 00:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe
PRC - [2007.03.06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe
PRC - [2006.05.29 13:40:46 | 000,266,240 | ---- | M] () -- C:\Windows\System32\ESB.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.12 18:48:08 | 000,032,768 | ---- | M] () -- C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe
MOD - [2007.06.22 13:59:38 | 000,077,824 | ---- | M] () -- C:\Windows\System32\glspef.ax
MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006.05.29 13:40:46 | 000,266,240 | ---- | M] () -- C:\Windows\System32\ESB.EXE
MOD - [2005.05.04 19:12:46 | 000,028,672 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.03 19:20:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:35:13 | 000,122,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.01.21 04:34:00 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.21 04:33:46 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2006.06.01 21:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.01 00:41:55 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2008.07.06 20:59:11 | 000,223,424 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.21 04:33:22 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008.01.21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008.01.21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008.01.21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:32:51 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008.01.21 04:32:51 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008.01.21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:32:50 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008.01.21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:32:49 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008.01.21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:32:48 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008.01.21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:32:47 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:32:45 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008.01.21 04:32:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008.01.21 04:32:45 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008.01.21 04:32:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008.01.21 04:32:23 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008.01.21 04:32:22 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008.01.21 04:32:22 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008.01.21 04:32:22 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008.01.21 04:32:21 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008.01.21 04:32:21 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008.01.21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008.01.21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.21 04:32:21 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2008.01.21 04:32:21 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008.01.21 04:32:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2007.07.20 09:59:44 | 000,791,040 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP)
DRV - [2007.06.26 13:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.18 16:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007.03.29 15:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2001.12.20 22:54:56 | 000,011,372 | ---- | M] (Copyright (C) Grand Tech Corp. ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\GT680x.SYS -- (GT680x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=googlemail"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30109.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 19:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.30 21:09:37 | 000,000,000 | ---D | M]
 
[2011.04.20 22:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.21 17:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions
[2012.02.05 20:40:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 17:49:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.20 15:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.05 20:31:12 | 000,128,458 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OY07AAK.DEFAULT\EXTENSIONS\BETTERFACEBOOK@MATTKRUSE.COM.XPI
[2011.11.08 23:40:42 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OY07AAK.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI
[2012.05.03 19:20:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.11 20:58:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 20:58:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.11 20:58:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 20:58:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 20:58:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 20:58:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ESB] C:\Windows\System32\ESB.EXE ()
O4 - HKLM..\Run: [GenePccMon.exe] C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe ()
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Esfoycohu] C:\Users\***\AppData\Roaming\Qafiic\ystoi.exe (IEInspector Software)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} hxxp://www.arcor.de/vod/dmd/WMDownload.cab (InetDownload Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DDB1FDD-F9EC-4C97-9B70-22795AAC9605}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bce53fdf-c1d9-11dd-88e1-0040d0e87494}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
O33 - MountPoints2\{cf2db268-5cbb-11e1-afa4-0040d0e87494}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2db268-5cbb-11e1-afa4-0040d0e87494}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.30 09:03:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.30 07:38:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.05.30 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.30 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.30 07:38:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.30 07:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.25 19:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft-Support für
[2012.05.25 19:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qafiic
[2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ibqoz
[2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ablum
[2012.05.03 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 19:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.30 09:04:19 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.05.30 08:52:11 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\qw9e5be1.exe
[2012.05.30 08:51:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.30 08:51:01 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.30 08:24:41 | 000,628,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.30 08:24:41 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.30 08:24:41 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.30 08:24:41 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.30 08:20:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 08:20:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 08:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.30 08:20:14 | 2011,291,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.30 07:38:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.29 21:34:25 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job
 
========== Files Created - No Company Name ==========
 
[2012.05.30 09:04:19 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.05.30 09:03:35 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\qw9e5be1.exe
[2012.05.30 09:03:35 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.30 07:38:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.10.19 20:59:17 | 000,164,349 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.10.19 20:59:04 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
 
========== LOP Check ==========
 
[2012.05.30 07:10:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ablum
[2010.04.01 21:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cl-Soft
[2012.05.30 08:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.02.05 21:34:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.02.05 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.06 20:37:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.02.05 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.05.23 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ibqoz
[2012.05.23 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qafiic
[2010.05.19 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SparweltGutschein
[2008.07.06 22:29:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.05.30 08:19:26 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.29 21:34:25 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job
 
========== Purity Check ==========
 
 

< End of report >
- und zu guter letzt GMER, das Logfile findet ihr im Anhang.

Ich würde mich sehr freuen, wenn ihr mal drüberschauen könnt und mir helft.
Vielen Dank schon mal !

Gruß
Christian

Psychotic 30.05.2012 10:22
:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  • Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren) - wenn du die anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  • Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  • Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. Erschwert mir nämlich das Auswerten.


Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Chrizzie 30.05.2012 11:26
Hallo Marius,

danke für die schnelle Rückmeldung.

Hier ist das Combofix-Log:

[CODE]
Combofix Logfile:
Code:
ComboFix 12-05-30.02 - *** 30.05.2012  12:01:29.1.2 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6001.1.1252.49.1031.18.1917.949 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dsci0077.jpg
C:\dsci0081.jpg
C:\dsci0082.jpg
C:\dsci0084.jpg
C:\dsci0085.jpg
c:\users\***\AppData\Local\.#
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-30 10:09 . 2012-05-30 10:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-30 05:38 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-25 17:10 . 2012-05-30 05:51        --------        d-----w-        c:\windows\Microsoft Antimalware
2012-05-25 17:10 . 2012-05-25 17:10        --------        d-----w-        c:\windows\Microsoft-Support für
2012-05-23 19:38 . 2012-05-30 05:10        --------        d-----w-        c:\users\***\AppData\Roaming\Ablum
2012-05-23 19:38 . 2012-05-23 19:38        --------        d-----w-        c:\users\***\AppData\Roaming\Qafiic
2012-05-23 19:38 . 2012-05-23 19:38        --------        d-----w-        c:\users\***\AppData\Roaming\Ibqoz
2012-05-03 17:20 . 2012-05-03 17:20        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-05-03 17:20 . 2012-05-03 17:20        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 17:20 . 2012-05-03 17:20        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 08:05 . 2012-01-05 20:09        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 17:20 . 2011-04-20 20:23        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"Esfoycohu"="c:\users\***\AppData\Roaming\Qafiic\ystoi.exe" [2010-09-21 359936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"ESB"="c:\windows\system32\ESB.EXE" [2006-05-29 266240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-24 869936]
"S3Trayp"="S3Trayp.exe" [2007-06-26 176128]
"GenePccMon.exe"="c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe" [2007-09-12 32768]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-05 149280]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.medion.com/
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8oy07aak.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=googlemail
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{7095FD27-37F0-4750-9DE8-D37DC0043706} - c:\program files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\Install.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 12:11
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  GenePccMon.exe = c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe?????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2500)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Mouse Driver\KMWDSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\conime.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\s3trayp.exe
c:\program files\Mouse Driver\KMConfig.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-30  12:16:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-30 10:16
.
Vor Suchlauf: 7 Verzeichnis(se), 46.835.748.864 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 47.687.786.496 Bytes frei
.
- - End Of File - - 4F7B1A62E69F61B30D96F082DA0667BE
--- --- ---



Noch eine Frage: Auf dem System lief Avira Antivir. Habe Antivir heute morgen aber entfernt, um Kaspersky Internet Security 2012 zu installieren. Diese Installation brach aber mit einer Fehlermeldung ab. Kann das an dem Schädling gelegen haben?


Gruß
Christian

Psychotic 30.05.2012 11:41
Hallo Christian,

dass es an dem Schädling lag, ist eher unwahrscheinlich!
Werden wir uns aber nachher ansehen, momentan haben wir andere Sorgen:


CF-Script

Hinweis: Durch *** ersetzte Komponenten müssen wieder umbenannt werden!


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
http://www.trojaner-board.de/115991-trojaner-tan-abfrage-beim-targobank-onlinebanking.html

COLLECT::
c:\users\***\AppData\Roaming\Qafiic\ystoi.exe

DIRLOOK::
c:\users\***\AppData\Roaming\Ablum
c:\users\***\AppData\Roaming\Qafiic
c:\users\***\AppData\Roaming\Ibqoz

REGISTRY::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Esfoycohu"=-
CLEARJAVACACHE::
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Chrizzie 30.05.2012 12:24
Datei wurde durch ComboFix hochgeladen. Hier ist das Log:

Code:
Combofix Logfile:

       
Code:

       
ComboFix 12-05-30.02 - *** 30.05.2012  13:01:25.2.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.49.1031.18.1917.1152 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\users\***\AppData\Roaming\Qafiic\ystoi.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\Qafiic\ystoi.exe
.
Infizierte Kopie von c:\windows\system32\drivers\ntfs.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\ERDNT\cache\ntfs.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-30 11:08 . 2012-05-30 11:08        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-30 10:16 . 2012-05-30 11:10        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-30 05:38 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-25 17:10 . 2012-05-30 05:51        --------        d-----w-        c:\windows\Microsoft Antimalware
2012-05-25 17:10 . 2012-05-25 17:10        --------        d-----w-        c:\windows\Microsoft-Support für
2012-05-23 19:38 . 2012-05-30 11:08        --------        d-----w-        c:\users\***\AppData\Roaming\Qafiic
2012-05-23 19:38 . 2012-05-30 05:10        --------        d-----w-        c:\users\***\AppData\Roaming\Ablum
2012-05-23 19:38 . 2012-05-23 19:38        --------        d-----w-        c:\users\***\AppData\Roaming\Ibqoz
2012-05-03 17:20 . 2012-05-03 17:20        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-05-03 17:20 . 2012-05-03 17:20        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 17:20 . 2012-05-03 17:20        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 08:05 . 2012-01-05 20:09        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 17:20 . 2011-04-20 20:23        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\***\AppData\Roaming\Ablum ----
.
2012-05-29 19:42 . 2012-05-29 19:48        19935        ----a-w-        c:\users\***\AppData\Roaming\Ablum\taew.tmp
.
---- Directory of c:\users\***\AppData\Roaming\Ibqoz ----
.
2009-10-09 11:28 . 2012-05-23 19:54        415853        ----a-w-        c:\users\***\AppData\Roaming\Ibqoz\diip.yml
.
---- Directory of c:\users\***\AppData\Roaming\Qafiic ----
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"ESB"="c:\windows\system32\ESB.EXE" [2006-05-29 266240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-24 869936]
"S3Trayp"="S3Trayp.exe" [2007-06-26 176128]
"GenePccMon.exe"="c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe" [2007-09-12 32768]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-05 149280]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.medion.com/
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8oy07aak.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=googlemail
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 13:10
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  GenePccMon.exe = c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe?????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2584)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Mouse Driver\KMWDSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\conime.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\s3trayp.exe
c:\program files\Mouse Driver\KMConfig.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-30  13:14:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-30 11:14
ComboFix2.txt  2012-05-30 10:16
.
Vor Suchlauf: 10 Verzeichnis(se), 47.836.647.424 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 47.826.341.888 Bytes frei
.
- - End Of File - - 6E28E4305226B6458F8ECEDB63A02CA4

--- --- ---
Hochladen war erfolgreich
Gruss
Christian

Psychotic 30.05.2012 12:27
Scan mit TDSS-Killer


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

Chrizzie 30.05.2012 12:33
Und hier das Log:

Code:
13:31:06.0675 2532        TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
13:31:07.0175 2532        ============================================================
13:31:07.0175 2532        Current date / time: 2012/05/30 13:31:07.0175
13:31:07.0175 2532        SystemInfo:
13:31:07.0175 2532       
13:31:07.0175 2532        OS Version: 6.0.6001 ServicePack: 1.0
13:31:07.0175 2532        Product type: Workstation
13:31:07.0175 2532        ComputerName: ***-PC
13:31:07.0175 2532        UserName: ***
13:31:07.0175 2532        Windows directory: C:\Windows
13:31:07.0175 2532        System windows directory: C:\Windows
13:31:07.0175 2532        Processor architecture: Intel x86
13:31:07.0175 2532        Number of processors: 2
13:31:07.0175 2532        Page size: 0x1000
13:31:07.0175 2532        Boot type: Normal boot
13:31:07.0175 2532        ============================================================
13:31:08.0300 2532        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:31:08.0300 2532        Drive \Device\Harddisk1\DR2 - Size: 0x1E3000000 (7.55 Gb), SectorSize: 0x200, Cylinders: 0x3D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:31:08.0315 2532        ============================================================
13:31:08.0315 2532        \Device\Harddisk0\DR0:
13:31:08.0315 2532        MBR partitions:
13:31:08.0315 2532        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xB703000
13:31:08.0315 2532        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xB703800, BlocksNum 0x2890800
13:31:08.0315 2532        \Device\Harddisk1\DR2:
13:31:08.0315 2532        MBR partitions:
13:31:08.0315 2532        \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0xF17FE0
13:31:08.0315 2532        ============================================================
13:31:08.0346 2532        C: <-> \Device\Harddisk0\DR0\Partition0
13:31:08.0378 2532        D: <-> \Device\Harddisk0\DR0\Partition1
13:31:08.0378 2532        ============================================================
13:31:08.0378 2532        Initialize success
13:31:08.0378 2532        ============================================================
13:31:27.0081 3808        ============================================================
13:31:27.0081 3808        Scan started
13:31:27.0081 3808        Mode: Manual; TDLFS;
13:31:27.0081 3808        ============================================================
13:31:27.0800 3808        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
13:31:27.0815 3808        ACPI - ok
13:31:27.0878 3808        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:31:27.0878 3808        adp94xx - ok
13:31:27.0909 3808        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:31:27.0925 3808        adpahci - ok
13:31:27.0956 3808        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:31:27.0956 3808        adpu160m - ok
13:31:28.0003 3808        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:31:28.0003 3808        adpu320 - ok
13:31:28.0034 3808        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:31:28.0034 3808        AeLookupSvc - ok
13:31:28.0081 3808        AFD            (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
13:31:28.0112 3808        AFD - ok
13:31:28.0143 3808        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:31:28.0143 3808        aic78xx - ok
13:31:28.0190 3808        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:31:28.0190 3808        ALG - ok
13:31:28.0206 3808        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:31:28.0206 3808        aliide - ok
13:31:28.0253 3808        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:31:28.0253 3808        amdagp - ok
13:31:28.0284 3808        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:31:28.0284 3808        amdide - ok
13:31:28.0300 3808        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:31:28.0300 3808        AmdK7 - ok
13:31:28.0346 3808        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:31:28.0346 3808        AmdK8 - ok
13:31:28.0393 3808        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:31:28.0393 3808        Appinfo - ok
13:31:28.0456 3808        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:31:28.0456 3808        arc - ok
13:31:28.0471 3808        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:31:28.0471 3808        arcsas - ok
13:31:28.0565 3808        aspnet_state    (ca89a5872dafab3d1932275d3eda26d8) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:31:28.0565 3808        aspnet_state - ok
13:31:28.0612 3808        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:31:28.0612 3808        AsyncMac - ok
13:31:28.0628 3808        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
13:31:28.0628 3808        atapi - ok
13:31:28.0690 3808        AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
13:31:28.0690 3808        AudioEndpointBuilder - ok
13:31:28.0706 3808        Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
13:31:28.0706 3808        Audiosrv - ok
13:31:28.0753 3808        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:31:28.0753 3808        Beep - ok
13:31:28.0815 3808        BFE            (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
13:31:28.0831 3808        BFE - ok
13:31:28.0956 3808        BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
13:31:28.0956 3808        BITS - ok
13:31:28.0971 3808        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:31:28.0987 3808        blbdrive - ok
13:31:29.0003 3808        bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
13:31:29.0003 3808        bowser - ok
13:31:29.0050 3808        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:31:29.0050 3808        BrFiltLo - ok
13:31:29.0081 3808        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:31:29.0081 3808        BrFiltUp - ok
13:31:29.0128 3808        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:31:29.0128 3808        Browser - ok
13:31:29.0159 3808        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:31:29.0159 3808        Brserid - ok
13:31:29.0190 3808        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:31:29.0190 3808        BrSerWdm - ok
13:31:29.0221 3808        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:31:29.0221 3808        BrUsbMdm - ok
13:31:29.0253 3808        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:31:29.0253 3808        BrUsbSer - ok
13:31:29.0284 3808        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:31:29.0284 3808        BTHMODEM - ok
13:31:29.0315 3808        catchme - ok
13:31:29.0378 3808        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:31:29.0378 3808        cdfs - ok
13:31:29.0393 3808        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
13:31:29.0393 3808        cdrom - ok
13:31:29.0456 3808        CertPropSvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
13:31:29.0456 3808        CertPropSvc - ok
13:31:29.0565 3808        CFcatchme - ok
13:31:29.0612 3808        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:31:29.0612 3808        circlass - ok
13:31:29.0643 3808        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
13:31:29.0659 3808        CLFS - ok
13:31:29.0721 3808        clr_optimization_v2.0.50727_32 (a4af4201bd519971f8f34724f3ca9dbb) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:31:29.0737 3808        clr_optimization_v2.0.50727_32 - ok
13:31:29.0784 3808        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:31:29.0784 3808        CmBatt - ok
13:31:29.0831 3808        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:31:29.0831 3808        cmdide - ok
13:31:29.0862 3808        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:31:29.0862 3808        Compbatt - ok
13:31:29.0878 3808        COMSysApp - ok
13:31:29.0909 3808        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:31:29.0909 3808        crcdisk - ok
13:31:29.0925 3808        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:31:29.0925 3808        Crusoe - ok
13:31:29.0971 3808        CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
13:31:29.0971 3808        CryptSvc - ok
13:31:30.0034 3808        DCamUSBGene    (4aefc07ae970fb75201cdcb79e9bad33) C:\Windows\system32\DRIVERS\usbgene.sys
13:31:30.0034 3808        DCamUSBGene - ok
13:31:30.0112 3808        DcomLaunch      (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
13:31:30.0128 3808        DcomLaunch - ok
13:31:30.0143 3808        DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
13:31:30.0143 3808        DfsC - ok
13:31:30.0300 3808        DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
13:31:30.0346 3808        DFSR - ok
13:31:30.0487 3808        Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
13:31:30.0503 3808        Dhcp - ok
13:31:30.0565 3808        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
13:31:30.0565 3808        disk - ok
13:31:30.0612 3808        Dnscache        (f5a0f1da1ed8b429597e71d27d976e31) C:\Windows\System32\dnsrslvr.dll
13:31:30.0612 3808        Dnscache - ok
13:31:30.0643 3808        dot3svc        (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
13:31:30.0659 3808        dot3svc - ok
13:31:30.0737 3808        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:31:30.0753 3808        Dot4 - ok
13:31:30.0784 3808        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:31:30.0784 3808        Dot4Print - ok
13:31:30.0815 3808        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:31:30.0815 3808        dot4usb - ok
13:31:30.0846 3808        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:31:30.0862 3808        DPS - ok
13:31:30.0893 3808        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:31:30.0893 3808        drmkaud - ok
13:31:30.0971 3808        DXGKrnl        (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
13:31:30.0987 3808        DXGKrnl - ok
13:31:31.0018 3808        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:31:31.0018 3808        E1G60 - ok
13:31:31.0050 3808        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:31:31.0050 3808        EapHost - ok
13:31:31.0096 3808        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
13:31:31.0112 3808        Ecache - ok
13:31:31.0159 3808        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:31:31.0175 3808        elxstor - ok
13:31:31.0237 3808        EMDMgmt        (ba4e96d951ddad6ac3af3c91d4ac68bf) C:\Windows\system32\emdmgmt.dll
13:31:31.0237 3808        EMDMgmt - ok
13:31:31.0268 3808        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:31:31.0268 3808        ErrDev - ok
13:31:31.0346 3808        EventSystem    (f4bf4fa769db51b106d2b4b35256988b) C:\Windows\system32\es.dll
13:31:31.0346 3808        EventSystem - ok
13:31:31.0378 3808        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
13:31:31.0393 3808        exfat - ok
13:31:31.0409 3808        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
13:31:31.0425 3808        fastfat - ok
13:31:31.0456 3808        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:31:31.0456 3808        fdc - ok
13:31:31.0471 3808        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:31:31.0471 3808        fdPHost - ok
13:31:31.0503 3808        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:31:31.0518 3808        FDResPub - ok
13:31:31.0565 3808        FET5X86V        (263f2507788917ab54c4ab8bc740f290) C:\Windows\system32\DRIVERS\fetnd5bv.sys
13:31:31.0581 3808        FET5X86V - ok
13:31:31.0643 3808        FETNDIS        (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
13:31:31.0643 3808        FETNDIS - ok
13:31:31.0675 3808        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:31:31.0675 3808        FileInfo - ok
13:31:31.0690 3808        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:31:31.0690 3808        Filetrace - ok
13:31:31.0721 3808        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:31:31.0721 3808        flpydisk - ok
13:31:31.0768 3808        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
13:31:31.0768 3808        FltMgr - ok
13:31:31.0878 3808        FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:31:31.0878 3808        FontCache3.0.0.0 - ok
13:31:31.0893 3808        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:31:31.0893 3808        Fs_Rec - ok
13:31:31.0940 3808        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:31:31.0940 3808        gagp30kx - ok
13:31:32.0018 3808        gpsvc          (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
13:31:32.0018 3808        gpsvc - ok
13:31:32.0065 3808        GT680x          (eac11a7e7d21e50b42eb5ebe4e4abfde) C:\Windows\system32\Drivers\GT680x.sys
13:31:32.0065 3808        GT680x - ok
13:31:32.0175 3808        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:31:32.0190 3808        gusvc - ok
13:31:32.0237 3808        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:31:32.0253 3808        HdAudAddService - ok
13:31:32.0284 3808        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:31:32.0300 3808        HDAudBus - ok
13:31:32.0315 3808        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:31:32.0315 3808        HidBth - ok
13:31:32.0346 3808        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:31:32.0346 3808        HidIr - ok
13:31:32.0393 3808        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
13:31:32.0393 3808        hidserv - ok
13:31:32.0425 3808        HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
13:31:32.0425 3808        HidUsb - ok
13:31:32.0471 3808        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:31:32.0471 3808        hkmsvc - ok
13:31:32.0487 3808        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:31:32.0487 3808        HpCISSs - ok
13:31:32.0612 3808        hpqcxs08        (fcb563b0a23643e5f80b6ff1e60f610f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:31:32.0628 3808        hpqcxs08 - ok
13:31:32.0659 3808        hpqddsvc        (25e443e27165c652723a92d9bdfd4649) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:31:32.0675 3808        hpqddsvc - ok
13:31:32.0721 3808        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:31:32.0721 3808        HSFHWAZL - ok
13:31:32.0815 3808        HSF_DPV        (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
13:31:32.0831 3808        HSF_DPV - ok
13:31:32.0862 3808        HTTP            (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
13:31:32.0893 3808        HTTP - ok
13:31:32.0909 3808        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:31:32.0909 3808        i2omp - ok
13:31:32.0956 3808        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:31:32.0971 3808        i8042prt - ok
13:31:33.0018 3808        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:31:33.0018 3808        iaStorV - ok
13:31:33.0159 3808        idsvc          (e7cc3aeaed9893a88876744cd439f76c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:31:33.0175 3808        idsvc - ok
13:31:33.0190 3808        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:31:33.0190 3808        iirsp - ok
13:31:33.0253 3808        IKEEXT          (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
13:31:33.0253 3808        IKEEXT - ok
13:31:33.0425 3808        IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
13:31:33.0440 3808        IntcAzAudAddService - ok
13:31:33.0612 3808        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:31:33.0612 3808        intelide - ok
13:31:33.0643 3808        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:31:33.0643 3808        intelppm - ok
13:31:33.0675 3808        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:31:33.0675 3808        IPBusEnum - ok
13:31:33.0706 3808        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:31:33.0721 3808        IpFilterDriver - ok
13:31:33.0753 3808        iphlpsvc        (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll
13:31:33.0753 3808        iphlpsvc - ok
13:31:33.0753 3808        IpInIp - ok
13:31:33.0800 3808        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:31:33.0800 3808        IPMIDRV - ok
13:31:33.0846 3808        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:31:33.0846 3808        IPNAT - ok
13:31:33.0862 3808        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:31:33.0862 3808        IRENUM - ok
13:31:33.0893 3808        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:31:33.0893 3808        isapnp - ok
13:31:33.0940 3808        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
13:31:33.0956 3808        iScsiPrt - ok
13:31:33.0956 3808        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:31:33.0956 3808        iteatapi - ok
13:31:33.0987 3808        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:31:33.0987 3808        iteraid - ok
13:31:34.0018 3808        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:31:34.0018 3808        kbdclass - ok
13:31:34.0050 3808        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
13:31:34.0050 3808        kbdhid - ok
13:31:34.0096 3808        KeyIso          (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
13:31:34.0096 3808        KeyIso - ok
13:31:34.0159 3808        KMWDFilter      (73186a580e287152b1be5087c0e92339) C:\Windows\System32\Drivers\KMWDFilter.SYS
13:31:34.0159 3808        KMWDFilter - ok
13:31:34.0284 3808        KMWDSERVICE    (3d6cb0db6fe125f622c02dc0249dde9f) C:\Program Files\Mouse Driver\KMWDSrv.exe
13:31:34.0284 3808        KMWDSERVICE - ok
13:31:34.0346 3808        KSecDD          (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
13:31:34.0346 3808        KSecDD - ok
13:31:34.0409 3808        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:31:34.0425 3808        KtmRm - ok
13:31:34.0471 3808        LanmanServer    (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\System32\srvsvc.dll
13:31:34.0471 3808        LanmanServer - ok
13:31:34.0503 3808        LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll
13:31:34.0503 3808        LanmanWorkstation - ok
13:31:34.0518 3808        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:31:34.0534 3808        lltdio - ok
13:31:34.0596 3808        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:31:34.0596 3808        lltdsvc - ok
13:31:34.0628 3808        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:31:34.0628 3808        lmhosts - ok
13:31:34.0659 3808        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:31:34.0659 3808        LSI_FC - ok
13:31:34.0706 3808        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:31:34.0706 3808        LSI_SAS - ok
13:31:34.0737 3808        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:31:34.0737 3808        LSI_SCSI - ok
13:31:34.0768 3808        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:31:34.0784 3808        luafv - ok
13:31:34.0862 3808        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:31:34.0862 3808        MBAMProtector - ok
13:31:35.0003 3808        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:31:35.0018 3808        MBAMService - ok
13:31:35.0050 3808        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:31:35.0065 3808        megasas - ok
13:31:35.0112 3808        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:31:35.0112 3808        MegaSR - ok
13:31:35.0143 3808        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:31:35.0143 3808        MMCSS - ok
13:31:35.0175 3808        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:31:35.0175 3808        Modem - ok
13:31:35.0206 3808        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:31:35.0206 3808        monitor - ok
13:31:35.0253 3808        motmodem        (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
13:31:35.0253 3808        motmodem - ok
13:31:35.0284 3808        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:31:35.0284 3808        mouclass - ok
13:31:35.0315 3808        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:31:35.0315 3808        mouhid - ok
13:31:35.0346 3808        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:31:35.0346 3808        MountMgr - ok
13:31:35.0456 3808        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:31:35.0456 3808        MozillaMaintenance - ok
13:31:35.0503 3808        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:31:35.0503 3808        mpio - ok
13:31:35.0534 3808        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:31:35.0534 3808        mpsdrv - ok
13:31:35.0596 3808        MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
13:31:35.0596 3808        MpsSvc - ok
13:31:35.0628 3808        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:31:35.0628 3808        Mraid35x - ok
13:31:35.0643 3808        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
13:31:35.0643 3808        MRxDAV - ok
13:31:35.0690 3808        mrxsmb          (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:31:35.0690 3808        mrxsmb - ok
13:31:35.0721 3808        mrxsmb10        (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:31:35.0737 3808        mrxsmb10 - ok
13:31:35.0768 3808        mrxsmb20        (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:31:35.0768 3808        mrxsmb20 - ok
13:31:35.0784 3808        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:31:35.0784 3808        msahci - ok
13:31:35.0831 3808        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:31:35.0831 3808        msdsm - ok
13:31:35.0862 3808        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:31:35.0893 3808        MSDTC - ok
13:31:35.0909 3808        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:31:35.0909 3808        Msfs - ok
13:31:35.0956 3808        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:31:35.0956 3808        msisadrv - ok
13:31:35.0987 3808        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:31:35.0987 3808        MSiSCSI - ok
13:31:36.0003 3808        msiserver - ok
13:31:36.0018 3808        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:31:36.0018 3808        MSKSSRV - ok
13:31:36.0065 3808        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:31:36.0065 3808        MSPCLOCK - ok
13:31:36.0096 3808        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:31:36.0096 3808        MSPQM - ok
13:31:36.0159 3808        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
13:31:36.0159 3808        MsRPC - ok
13:31:36.0190 3808        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:31:36.0190 3808        mssmbios - ok
13:31:36.0206 3808        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:31:36.0221 3808        MSTEE - ok
13:31:36.0237 3808        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
13:31:36.0237 3808        Mup - ok
13:31:36.0300 3808        napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
13:31:36.0300 3808        napagent - ok
13:31:36.0331 3808        NativeWifiP    (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
13:31:36.0362 3808        NativeWifiP - ok
13:31:36.0425 3808        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
13:31:36.0425 3808        NDIS - ok
13:31:36.0456 3808        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:31:36.0456 3808        NdisTapi - ok
13:31:36.0487 3808        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:31:36.0487 3808        Ndisuio - ok
13:31:36.0534 3808        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
13:31:36.0534 3808        NdisWan - ok
13:31:36.0550 3808        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:31:36.0550 3808        NDProxy - ok
13:31:36.0737 3808        Nero BackItUp Scheduler 3 (6d4028d458eaaa1782099750790dc8c9) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
13:31:36.0753 3808        Nero BackItUp Scheduler 3 - ok
13:31:36.0815 3808        Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
13:31:36.0815 3808        Net Driver HPZ12 - ok
13:31:36.0862 3808        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:31:36.0862 3808        NetBIOS - ok
13:31:36.0893 3808        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
13:31:36.0893 3808        netbt - ok
13:31:36.0925 3808        Netlogon        (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
13:31:36.0925 3808        Netlogon - ok
13:31:36.0971 3808        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:31:36.0971 3808        Netman - ok
13:31:37.0018 3808        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:31:37.0018 3808        netprofm - ok
13:31:37.0096 3808        NetTcpPortSharing (f9102685f97f9ba85f4a70afcf722cfe) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:31:37.0096 3808        NetTcpPortSharing - ok
13:31:37.0128 3808        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:31:37.0128 3808        nfrd960 - ok
13:31:37.0159 3808        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:31:37.0175 3808        NlaSvc - ok
13:31:37.0284 3808        NMIndexingService (d36107465e716cf2335a25c54b6d11c2) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
13:31:37.0284 3808        NMIndexingService - ok
13:31:37.0315 3808        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
13:31:37.0315 3808        Npfs - ok
13:31:37.0331 3808        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:31:37.0331 3808        nsi - ok
13:31:37.0362 3808        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:31:37.0362 3808        nsiproxy - ok
13:31:37.0487 3808        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
13:31:37.0503 3808        Ntfs - ok
13:31:37.0518 3808        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:31:37.0534 3808        ntrigdigi - ok
13:31:37.0550 3808        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:31:37.0550 3808        Null - ok
13:31:37.0596 3808        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:31:37.0596 3808        nvraid - ok
13:31:37.0612 3808        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:31:37.0612 3808        nvstor - ok
13:31:37.0659 3808        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:31:37.0659 3808        nv_agp - ok
13:31:37.0659 3808        NwlnkFlt - ok
13:31:37.0675 3808        NwlnkFwd - ok
13:31:37.0721 3808        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
13:31:37.0721 3808        ohci1394 - ok
13:31:37.0815 3808        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:31:37.0815 3808        ose - ok
13:31:37.0909 3808        p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:31:37.0925 3808        p2pimsvc - ok
13:31:37.0925 3808        p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:31:37.0940 3808        p2psvc - ok
13:31:37.0956 3808        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:31:37.0956 3808        Parport - ok
13:31:37.0987 3808        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
13:31:37.0987 3808        partmgr - ok
13:31:38.0018 3808        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:31:38.0018 3808        Parvdm - ok
13:31:38.0034 3808        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:31:38.0050 3808        PcaSvc - ok
13:31:38.0081 3808        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
13:31:38.0081 3808        pci - ok
13:31:38.0112 3808        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
13:31:38.0112 3808        pciide - ok
13:31:38.0159 3808        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:31:38.0159 3808        pcmcia - ok
13:31:38.0253 3808        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:31:38.0284 3808        PEAUTH - ok
13:31:38.0425 3808        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:31:38.0456 3808        pla - ok
13:31:38.0612 3808        PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
13:31:38.0628 3808        PlugPlay - ok
13:31:38.0706 3808        Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
13:31:38.0706 3808        Pml Driver HPZ12 - ok
13:31:38.0784 3808        PNRPAutoReg    (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:31:38.0784 3808        PNRPAutoReg - ok
13:31:38.0800 3808        PNRPsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:31:38.0815 3808        PNRPsvc - ok
13:31:38.0878 3808        PolicyAgent    (017fb87911583b00da1581f07cb7e7f2) C:\Windows\System32\ipsecsvc.dll
13:31:38.0878 3808        PolicyAgent - ok
13:31:38.0956 3808        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:31:38.0956 3808        PptpMiniport - ok
13:31:38.0987 3808        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:31:38.0987 3808        Processor - ok
13:31:39.0018 3808        ProfSvc        (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
13:31:39.0018 3808        ProfSvc - ok
13:31:39.0050 3808        ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
13:31:39.0065 3808        ProtectedStorage - ok
13:31:39.0096 3808        PSched          (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
13:31:39.0096 3808        PSched - ok
13:31:39.0143 3808        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
13:31:39.0143 3808        PxHelp20 - ok
13:31:39.0268 3808        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:31:39.0284 3808        ql2300 - ok
13:31:39.0315 3808        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:31:39.0315 3808        ql40xx - ok
13:31:39.0362 3808        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:31:39.0378 3808        QWAVE - ok
13:31:39.0393 3808        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:31:39.0393 3808        QWAVEdrv - ok
13:31:39.0425 3808        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:31:39.0425 3808        RasAcd - ok
13:31:39.0471 3808        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:31:39.0471 3808        RasAuto - ok
13:31:39.0518 3808        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:31:39.0518 3808        Rasl2tp - ok
13:31:39.0550 3808        RasMan          (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
13:31:39.0565 3808        RasMan - ok
13:31:39.0596 3808        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
13:31:39.0596 3808        RasPppoe - ok
13:31:39.0628 3808        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
13:31:39.0628 3808        RasSstp - ok
13:31:39.0675 3808        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
13:31:39.0675 3808        rdbss - ok
13:31:39.0690 3808        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:31:39.0690 3808        RDPCDD - ok
13:31:39.0737 3808        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:31:39.0737 3808        rdpdr - ok
13:31:39.0753 3808        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:31:39.0753 3808        RDPENCDD - ok
13:31:39.0800 3808        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
13:31:39.0800 3808        RDPWD - ok
13:31:39.0846 3808        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:31:39.0846 3808        RemoteAccess - ok
13:31:39.0862 3808        RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
13:31:39.0878 3808        RemoteRegistry - ok
13:31:39.0909 3808        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:31:39.0909 3808        RpcLocator - ok
13:31:39.0971 3808        RpcSs          (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
13:31:39.0971 3808        RpcSs - ok
13:31:39.0987 3808        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:31:40.0003 3808        rspndr - ok
13:31:40.0050 3808        RTL8187B        (c279a9a9f946359548e5665c0e8bab15) C:\Windows\system32\DRIVERS\RTL8187B.sys
13:31:40.0081 3808        RTL8187B - ok
13:31:40.0175 3808        S3GIGP          (f42777bda6d33bdf54a67b1d608300b3) C:\Windows\system32\DRIVERS\VTGKModeDX32.sys
13:31:40.0175 3808        S3GIGP - ok
13:31:40.0221 3808        SamSs          (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
13:31:40.0221 3808        SamSs - ok
13:31:40.0253 3808        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:31:40.0253 3808        sbp2port - ok
13:31:40.0315 3808        SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
13:31:40.0315 3808        SCardSvr - ok
13:31:40.0393 3808        Schedule        (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll
13:31:40.0393 3808        Schedule - ok
13:31:40.0440 3808        SCPolicySvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
13:31:40.0440 3808        SCPolicySvc - ok
13:31:40.0471 3808        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:31:40.0487 3808        SDRSVC - ok
13:31:40.0487 3808        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:31:40.0503 3808        secdrv - ok
13:31:40.0518 3808        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:31:40.0518 3808        seclogon - ok
13:31:40.0550 3808        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
13:31:40.0550 3808        SENS - ok
13:31:40.0596 3808        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:31:40.0596 3808        Serenum - ok
13:31:40.0612 3808        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:31:40.0612 3808        Serial - ok
13:31:40.0643 3808        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:31:40.0643 3808        sermouse - ok
13:31:40.0706 3808        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:31:40.0706 3808        SessionEnv - ok
13:31:40.0721 3808        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:31:40.0737 3808        sffdisk - ok
13:31:40.0768 3808        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:31:40.0768 3808        sffp_mmc - ok
13:31:40.0800 3808        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:31:40.0800 3808        sffp_sd - ok
13:31:40.0815 3808        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:31:40.0831 3808        sfloppy - ok
13:31:40.0878 3808        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:31:40.0878 3808        SharedAccess - ok
13:31:40.0909 3808        ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll
13:31:40.0909 3808        ShellHWDetection - ok
13:31:40.0940 3808        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:31:40.0940 3808        SiSRaid2 - ok
13:31:40.0971 3808        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:31:40.0971 3808        SiSRaid4 - ok
13:31:41.0175 3808        slsvc          (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
13:31:41.0237 3808        slsvc - ok
13:31:41.0362 3808        SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
13:31:41.0362 3808        SLUINotify - ok
13:31:41.0425 3808        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
13:31:41.0425 3808        Smb - ok
13:31:41.0440 3808        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:31:41.0456 3808        SNMPTRAP - ok
13:31:41.0471 3808        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:31:41.0487 3808        spldr - ok
13:31:41.0518 3808        Spooler        (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe
13:31:41.0534 3808        Spooler - ok
13:31:41.0581 3808        srv            (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
13:31:41.0596 3808        srv - ok
13:31:41.0628 3808        srv2            (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
13:31:41.0628 3808        srv2 - ok
13:31:41.0659 3808        srvnet          (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
13:31:41.0659 3808        srvnet - ok
13:31:41.0690 3808        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:31:41.0706 3808        SSDPSRV - ok
13:31:41.0753 3808        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:31:41.0753 3808        ssmdrv - ok
13:31:41.0815 3808        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:31:41.0815 3808        SstpSvc - ok
13:31:41.0893 3808        stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
13:31:41.0893 3808        stisvc - ok
13:31:41.0925 3808        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:31:41.0925 3808        swenum - ok
13:31:41.0971 3808        swprv          (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
13:31:41.0987 3808        swprv - ok
13:31:42.0003 3808        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:31:42.0003 3808        Symc8xx - ok
13:31:42.0034 3808        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:31:42.0034 3808        Sym_hi - ok
13:31:42.0050 3808        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:31:42.0050 3808        Sym_u3 - ok
13:31:42.0112 3808        SynTP          (362e61958317ad657e79b282a78b26cb) C:\Windows\system32\DRIVERS\SynTP.sys
13:31:42.0112 3808        SynTP - ok
13:31:42.0159 3808        SysMain        (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
13:31:42.0175 3808        SysMain - ok
13:31:42.0190 3808        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:31:42.0190 3808        TabletInputService - ok
13:31:42.0221 3808        TapiSrv        (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
13:31:42.0237 3808        TapiSrv - ok
13:31:42.0253 3808        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:31:42.0253 3808        TBS - ok
13:31:42.0346 3808        Tcpip          (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
13:31:42.0362 3808        Tcpip - ok
13:31:42.0378 3808        Tcpip6          (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
13:31:42.0393 3808        Tcpip6 - ok
13:31:42.0425 3808        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
13:31:42.0425 3808        tcpipreg - ok
13:31:42.0456 3808        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:31:42.0456 3808        TDPIPE - ok
13:31:42.0471 3808        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:31:42.0487 3808        TDTCP - ok
13:31:42.0503 3808        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
13:31:42.0503 3808        tdx - ok
13:31:42.0534 3808        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
13:31:42.0534 3808        TermDD - ok
13:31:42.0596 3808        TermService    (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
13:31:42.0596 3808        TermService - ok
13:31:42.0643 3808        Themes          (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll
13:31:42.0643 3808        Themes - ok
13:31:42.0675 3808        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:31:42.0675 3808        THREADORDER - ok
13:31:42.0706 3808        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:31:42.0706 3808        TrkWks - ok
13:31:42.0784 3808        truecrypt      (1592a0c126cf28b6d22d16ffe15a8a0d) C:\Windows\system32\drivers\truecrypt.sys
13:31:42.0784 3808        truecrypt - ok
13:31:42.0846 3808        TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
13:31:42.0846 3808        TrustedInstaller - ok
13:31:42.0878 3808        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:31:42.0878 3808        tssecsrv - ok
13:31:42.0925 3808        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:31:42.0925 3808        tunmp - ok
13:31:42.0940 3808        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
13:31:42.0940 3808        tunnel - ok
13:31:42.0971 3808        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
13:31:42.0971 3808        uagp35 - ok
13:31:43.0018 3808        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
13:31:43.0018 3808        udfs - ok
13:31:43.0050 3808        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:31:43.0065 3808        UI0Detect - ok
13:31:43.0112 3808        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:31:43.0112 3808        uliagpkx - ok
13:31:43.0143 3808        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:31:43.0143 3808        uliahci - ok
13:31:43.0175 3808        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:31:43.0175 3808        UlSata - ok
13:31:43.0206 3808        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:31:43.0206 3808        ulsata2 - ok
13:31:43.0237 3808        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:31:43.0237 3808        umbus - ok
13:31:43.0284 3808        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:31:43.0284 3808        upnphost - ok
13:31:43.0331 3808        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:31:43.0346 3808        usbccgp - ok
13:31:43.0362 3808        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:31:43.0362 3808        usbcir - ok
13:31:43.0409 3808        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
13:31:43.0409 3808        usbehci - ok
13:31:43.0456 3808        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
13:31:43.0456 3808        usbhub - ok
13:31:43.0471 3808        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:31:43.0471 3808        usbohci - ok
13:31:43.0503 3808        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:31:43.0503 3808        usbprint - ok
13:31:43.0565 3808        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:31:43.0565 3808        usbscan - ok
13:31:43.0628 3808        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:31:43.0628 3808        USBSTOR - ok
13:31:43.0659 3808        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:31:43.0659 3808        usbuhci - ok
13:31:43.0690 3808        UxSms          (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
13:31:43.0690 3808        UxSms - ok
13:31:43.0753 3808        vds            (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
13:31:43.0784 3808        vds - ok
13:31:43.0815 3808        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:31:43.0815 3808        vga - ok
13:31:43.0846 3808        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:31:43.0846 3808        VgaSave - ok
13:31:43.0862 3808        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:31:43.0862 3808        viaagp - ok
13:31:43.0893 3808        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:31:43.0893 3808        ViaC7 - ok
13:31:43.0940 3808        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:31:43.0940 3808        viaide - ok
13:31:43.0956 3808        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:31:43.0971 3808        volmgr - ok
13:31:44.0003 3808        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
13:31:44.0003 3808        volmgrx - ok
13:31:44.0050 3808        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
13:31:44.0065 3808        volsnap - ok
13:31:44.0112 3808        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:31:44.0112 3808        vsmraid - ok
13:31:44.0221 3808        VSS            (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
13:31:44.0253 3808        VSS - ok
13:31:44.0284 3808        W32Time        (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
13:31:44.0284 3808        W32Time - ok
13:31:44.0331 3808        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:31:44.0331 3808        WacomPen - ok
13:31:44.0378 3808        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:44.0378 3808        Wanarp - ok
13:31:44.0393 3808        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:44.0393 3808        Wanarpv6 - ok
13:31:44.0456 3808        wcncsvc        (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
13:31:44.0471 3808        wcncsvc - ok
13:31:44.0487 3808        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:31:44.0487 3808        WcsPlugInService - ok
13:31:44.0518 3808        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:31:44.0518 3808        Wd - ok
13:31:44.0581 3808        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:31:44.0596 3808        Wdf01000 - ok
13:31:44.0612 3808        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:31:44.0612 3808        WdiServiceHost - ok
13:31:44.0628 3808        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:31:44.0643 3808        WdiSystemHost - ok
13:31:44.0690 3808        WebClient      (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
13:31:44.0690 3808        WebClient - ok
13:31:44.0721 3808        Wecsvc          (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
13:31:44.0721 3808        Wecsvc - ok
13:31:44.0753 3808        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:31:44.0753 3808        wercplsupport - ok
13:31:44.0784 3808        WerSvc          (4081288554294f144e5a7d4ee20e3ce6) C:\Windows\System32\WerSvc.dll
13:31:44.0800 3808        WerSvc - ok
13:31:44.0862 3808        winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
13:31:44.0878 3808        winachsf - ok
13:31:44.0971 3808        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:31:44.0971 3808        WinDefend - ok
13:31:44.0987 3808        WinHttpAutoProxySvc - ok
13:31:45.0065 3808        Winmgmt        (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
13:31:45.0081 3808        Winmgmt - ok
13:31:45.0143 3808        WinRM          (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll
13:31:45.0175 3808        WinRM - ok
13:31:45.0237 3808        Wlansvc        (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll
13:31:45.0253 3808        Wlansvc - ok
13:31:45.0315 3808        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:31:45.0331 3808        WmiAcpi - ok
13:31:45.0378 3808        wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
13:31:45.0393 3808        wmiApSrv - ok
13:31:45.0503 3808        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:31:45.0503 3808        WMPNetworkSvc - ok
13:31:45.0534 3808        WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
13:31:45.0550 3808        WPCSvc - ok
13:31:45.0581 3808        WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
13:31:45.0596 3808        WPDBusEnum - ok
13:31:45.0659 3808        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
13:31:45.0659 3808        WpdUsb - ok
13:31:45.0706 3808        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:31:45.0706 3808        ws2ifsl - ok
13:31:45.0737 3808        wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
13:31:45.0737 3808        wscsvc - ok
13:31:45.0753 3808        WSearch - ok
13:31:45.0893 3808        wuauserv        (d79538b67fa641e986855def651e78fe) C:\Windows\system32\wuaueng.dll
13:31:45.0925 3808        wuauserv - ok
13:31:46.0096 3808        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:31:46.0096 3808        WUDFRd - ok
13:31:46.0143 3808        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:31:46.0159 3808        wudfsvc - ok
13:31:46.0190 3808        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:31:46.0721 3808        \Device\Harddisk0\DR0 - ok
13:31:46.0721 3808        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR2
13:31:47.0628 3808        \Device\Harddisk1\DR2 - ok
13:31:47.0628 3808        Boot (0x1200)  (4d8a967b4c33665580c9e7781e59a8e7) \Device\Harddisk0\DR0\Partition0
13:31:47.0643 3808        \Device\Harddisk0\DR0\Partition0 - ok
13:31:47.0706 3808        Boot (0x1200)  (0e83ac762c6c4c8f967a669881cc19e3) \Device\Harddisk0\DR0\Partition1
13:31:47.0706 3808        \Device\Harddisk0\DR0\Partition1 - ok
13:31:47.0706 3808        Boot (0x1200)  (ceb1a6fc88cf91ad6de9739bc3198ea6) \Device\Harddisk1\DR2\Partition0
13:31:47.0721 3808        \Device\Harddisk1\DR2\Partition0 - ok
13:31:47.0721 3808        ============================================================
13:31:47.0721 3808        Scan finished
13:31:47.0721 3808        ============================================================
13:31:47.0753 1436        Detected object count: 0
13:31:47.0753 1436        Actual detected object count: 0
13:31:59.0221 2932        Deinitialize success

Psychotic 30.05.2012 12:45
CF-Script


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
FOLDER::
c:\users\***\AppData\Roaming\Qafiic
c:\users\***\AppData\Roaming\Ablum
c:\users\***\AppData\Roaming\Ibqoz
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Chrizzie 30.05.2012 13:17
Anbei der Log von Combofix:

Code:
Combofix Logfile:

       
Code:

       
ComboFix 12-05-30.02 - *** 30.05.2012  13:57:10.3.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.49.1031.18.1917.1211 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-30 12:04 . 2012-05-30 12:05        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-05-30 12:04 . 2012-05-30 12:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-30 05:38 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-25 17:10 . 2012-05-30 05:51        --------        d-----w-        c:\windows\Microsoft Antimalware
2012-05-25 17:10 . 2012-05-25 17:10        --------        d-----w-        c:\windows\Microsoft-Support für
2012-05-23 19:38 . 2012-05-30 11:08        --------        d-----w-        c:\users\***\AppData\Roaming\Qafiic
2012-05-23 19:38 . 2012-05-30 05:10        --------        d-----w-        c:\users\***\AppData\Roaming\Ablum
2012-05-23 19:38 . 2012-05-23 19:38        --------        d-----w-        c:\users\***\AppData\Roaming\Ibqoz
2012-05-03 17:20 . 2012-05-03 17:20        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-05-03 17:20 . 2012-05-03 17:20        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 17:20 . 2012-05-03 17:20        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 08:05 . 2012-01-05 20:09        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 17:20 . 2011-04-20 20:23        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"ESB"="c:\windows\system32\ESB.EXE" [2006-05-29 266240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-24 869936]
"S3Trayp"="S3Trayp.exe" [2007-06-26 176128]
"GenePccMon.exe"="c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe" [2007-09-12 32768]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-05 149280]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 62494936
*Deregistered* - 62494936
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.medion.com/
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8oy07aak.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=googlemail
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 14:05
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  GenePccMon.exe = c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe?????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3796)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Zeit der Fertigstellung: 2012-05-30  14:12:37
ComboFix-quarantined-files.txt  2012-05-30 12:12
ComboFix2.txt  2012-05-30 11:21
ComboFix3.txt  2012-05-30 10:16
.
Vor Suchlauf: 10 Verzeichnis(se), 47.639.097.344 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 47.607.992.320 Bytes frei
.
- - End Of File - - 3092BCE8CF0CFD6B23A080A95AAEDF62

--- --- ---

Gruss
Christian

Ergänzung: ich sehe gerade, dass ich nach dem letzten Neustart, der durch Combofix durchgeführt wurde, Malwarebytes Anti-Malware nicht deaktiviert habe... :pfeiff:

Psychotic 30.05.2012 13:35
Zitat:
c:\users\***\AppData\Roaming\Qafiic
c:\users\***\AppData\Roaming\Ablum
c:\users\***\AppData\Roaming\Ibqoz
du hast vor allem deine *** nicht wieder durch den Usernamen ersetzt...:rolleyes:
Nochmal von vorn, den letzten Schritt!

Chrizzie 30.05.2012 13:39
Das hatte ich (meine ich zumindest) gemacht, aber dann im Log wieder unkenntlich gemacht. Aber ist ja auch wurscht, ich mach ja schon... :D

Jetzt aber:

Code:
Combofix Logfile:

       
Code:

       
ComboFix 12-05-30.02 - *** 30.05.2012  14:44:42.4.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.49.1031.18.1917.1075 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\Ablum
c:\users\***\AppData\Roaming\Ablum\taew.tmp
c:\users\***\AppData\Roaming\Ibqoz
c:\users\***\AppData\Roaming\Ibqoz\diip.yml
c:\users\***\AppData\Roaming\Qafiic
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-30 12:50 . 2012-05-30 12:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-30 12:12 . 2012-05-30 12:50        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-30 05:38 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-25 17:10 . 2012-05-30 05:51        --------        d-----w-        c:\windows\Microsoft Antimalware
2012-05-25 17:10 . 2012-05-25 17:10        --------        d-----w-        c:\windows\Microsoft-Support für
2012-05-03 17:20 . 2012-05-03 17:20        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-05-03 17:20 . 2012-05-03 17:20        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 17:20 . 2012-05-03 17:20        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 08:05 . 2012-01-05 20:09        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 17:20 . 2011-04-20 20:23        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"ESB"="c:\windows\system32\ESB.EXE" [2006-05-29 266240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-24 869936]
"S3Trayp"="S3Trayp.exe" [2007-06-26 176128]
"GenePccMon.exe"="c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe" [2007-09-12 32768]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-05 149280]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.medion.com/
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8oy07aak.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=googlemail
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 14:50
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  GenePccMon.exe = c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe?????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-05-30  14:52:29
ComboFix-quarantined-files.txt  2012-05-30 12:52
ComboFix2.txt  2012-05-30 12:12
ComboFix3.txt  2012-05-30 11:21
ComboFix4.txt  2012-05-30 10:16
.
Vor Suchlauf: 10 Verzeichnis(se), 47.756.230.656 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 47.521.292.288 Bytes frei
.
- - End Of File - - C6F9E4009CCABF287B1AD9F2909D710D

--- --- ---

Psychotic 30.05.2012 14:21
:daumenhoc


Sieht ganz gut aus - kontrollieren wir alles nochmal! :)


Schritt 1: MBAM vollständig


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.



Schritt 2: ESET



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Chrizzie 30.05.2012 19:50
Hallo Marius,

hier die 2 Logs.

MBAM
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.30.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
*** :: ***-PC [Administrator]

Schutz: Deaktiviert

30.05.2012 16:20:58
mbam-log-2012-05-30 (16-20-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270016
Laufzeit: 30 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESAT
Code:
C:\Program Files\JDownloader\tools\reconnect\phael curl reconnect\curl_router_reconnect.exe        probably a variant of Win32/Agent.LMCXWHR trojan
C:\Qoobox\Quarantine\[4]-Submit_2012-05-30_12.59.46.zip        a variant of Win32/Kryptik.AFZX trojan

Psychotic 31.05.2012 07:04
Schritt 1: VT


Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Durchsuchen
  • Kopiere nun folgendes in die Suchleiste.
    Code:
    C:\Program Files\JDownloader\tools\reconnect\phael curl reconnect\curl_router_reconnect.exe
  • und klicke auf Öffnen.
  • Klicke auf Send File.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.
Zitat:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
klicke auf Reanalyse. Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Chrizzie 31.05.2012 07:18
hier der Link:

https://www.virustotal.com/file/17592e1c52f1a65b5d8611f2fb985bf76d8817ddab324fff793bf9d7510494d1/analysis/1338444917/

Gruß
Christian


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:32 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131