Trojaner-Board - Spam-Versand von GMail-Account

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Spam-Versand von GMail-Account (https://www.trojaner-board.de/98136-spam-versand-gmail-account.html)

Spam-Versand von GMail-Account

Hallo zusammen,

habe vorhin ein kleines 'Problem' mit meinen Mails gehabt.
Ich habe mehrere Mail-Accounts, die ich alle auf ein Googlemail-Account leite, und in meinem Thunderbird frage ich auch nur dieses Konto ab und verschicke per SMTP über die anderen Accounts. Vorhin habe ich mehrere Delivery-Mails bekommen, welche komischerweise sofort in den Papierkorb geschoben wurden (anstatt in Spam, o.ä.).
Hier hatte ich mich schon ein wenig gewundert, und im Endeffekt wurden von meinem Googlemail-Account mehrere Spam-Mails an Teile meines Adressbuches verschickt (zumindestens hoffe ich das, da bei den Sende-Mails (ingesamt 5-6 Mails) im Papierkorb nur ca. 20 Empfänger vorhanden sind). Als Inhalt in den Mails steht nur eine kryptische Adresse ala

Code:

h**p://mawuky846.freewebportal.com/oizzfhvnnjd.html

In jeder Mail steht aber auch eine andere Adresse, aber mit ähnlichem Muster.

Daraufhin habe ich auf die shcnelle das Passwort von meinem GMail-Acc geändert und auf meinem Hauptrechner, der als einziger zu der Zeit an/online war, einen Scan mit Avira durchgeführt. Hier habe ich keinen Virus/Trojaner/o.ä. gefunden, danach habe ich einen Scan mit Anti-Malware durchgeführt:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org
 

Datenbank Version: 6443
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514
 

25.04.2011 20:11:25

mbam-log-2011-04-25 (20-11-25).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 154922

Laufzeit: 5 Minute(n), 27 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Und auch noch den Scan mit OTL (OTL.txt):

Code:

OTL logfile created on: 25.04.2011 20:15:23 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = D:\VB6

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 29,32 Gb Total Space | 1,80 Gb Free Space | 6,13% Space Free | Partition Type: NTFS

Drive D: | 239,46 Gb Total Space | 89,07 Gb Free Space | 37,19% Space Free | Partition Type: NTFS

Drive E: | 465,76 Gb Total Space | 269,00 Gb Free Space | 57,76% Space Free | Partition Type: NTFS

Drive H: | 3,69 Gb Total Space | 3,67 Gb Free Space | 99,63% Space Free | Partition Type: FAT32

 

Computer Name: DESKTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - D:\VB6\OTL.exe (OldTimer Tools)

PRC - D:\DualOS\Programme\Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)

PRC - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)

PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - D:\VB6\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AcronisOSSReinstallSvc) --  File not found

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)

SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)

SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\system32\drivers\WinUSB.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()

DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)

DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)

DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://www.atmel.com)

DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)

DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)

DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)

DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)

DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)

DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)

DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)

DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)

DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)

DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)

DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc.              )

DRV - (qcusbser) -- C:\Windows\System32\drivers\hwusbser.sys (QUALCOMM Incorporated)

DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)

DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

DRV - (b57w2k) -- C:\Windows\System32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (portio32) -- C:\Windows\System32\drivers\portio32.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5

 

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\DualOS\Programme\Firefox\components [2011.03.23 17:51:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\DualOS\Programme\Firefox\plugins [2011.03.23 17:51:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: D:\DualOS\Programme\Thunderbird\components [2011.03.23 17:42:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: D:\DualOS\Programme\Thunderbird\plugins

 

[2010.03.01 16:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions

[2010.03.01 16:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.02.03 16:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\s3e41d80.default\extensions

[2009.11.16 16:40:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\s3e41d80.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.11.16 16:40:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\s3e41d80.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009.11.16 16:40:13 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\s3e41d80.default\extensions\firebug@software.joehewitt.com

[2009.11.16 16:40:14 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\s3e41d80.default\extensions\max@subfighter.com

[2011.04.22 12:49:51 | 000,002,512 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\s3e41d80.default\searchplugins\gulliboard.xml

[2009.06.24 12:02:00 | 000,002,740 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\s3e41d80.default\searchplugins\imdb.xml

[2011.04.22 12:49:52 | 000,005,565 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\s3e41d80.default\searchplugins\ofdb---titel.xml

[2011.04.22 12:49:52 | 000,001,925 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\s3e41d80.default\searchplugins\youtube-deutschland.xml

[2010.04.02 13:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- 

 

O1 HOSTS File: ([2011.02.20 18:22:35 | 000,001,814 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [VaCtrl]  File not found

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.08.28 08:19:16 | 000,003,635 | ---- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.25 20:05:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes

[2011.04.25 19:19:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.04.25 19:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware

[2011.04.25 19:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.04.25 19:19:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.04.25 19:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.04.22 17:28:10 | 000,000,000 | ---D | C] -- C:\mod

[2011.04.22 15:25:34 | 000,000,000 | ---D | C] -- C:\benq

[2011.04.20 22:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero

[2011.04.20 22:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero

[2011.04.20 22:41:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Nero

[2011.04.19 15:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin

[2011.04.16 11:18:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011.04.13 15:20:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011.04.13 15:20:25 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.04.13 15:20:24 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011.04.13 15:20:24 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011.04.13 15:20:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011.04.13 15:20:22 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011.04.13 15:20:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.04.13 15:20:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.04.13 15:20:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.04.13 15:20:10 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011.04.13 15:20:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011.04.13 15:20:05 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe

[2009.11.16 15:58:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Administrator\AppData\Roaming\pcouffin.sys

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.04.25 19:22:23 | 000,667,080 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.04.25 19:22:23 | 000,627,262 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.25 19:22:23 | 000,135,774 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.04.25 19:22:23 | 000,111,426 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.25 17:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.24 12:58:55 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk

[2011.04.23 11:01:03 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.23 11:01:03 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.23 10:53:16 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys

[2011.04.13 16:11:06 | 003,867,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.03.30 18:42:48 | 000,001,429 | ---- | C] () -- C:\Users\Administrator\Desktop\EASEUS Partition Master 6.5.2 Home Edition.lnk

[2011.03.07 18:50:06 | 000,000,014 | ---- | C] () -- C:\Windows\wms_.ini

[2011.03.04 22:36:31 | 000,001,304 | ---- | C] () -- C:\Windows\wms.ini

[2011.03.04 22:08:00 | 000,000,134 | ---- | C] () -- C:\Windows\wmssetup.ini

[2011.02.23 16:51:44 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011.02.23 16:50:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.02.20 18:19:05 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6

[2010.12.28 00:39:30 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat

[2010.12.17 15:32:14 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe

[2010.12.17 15:32:14 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll

[2010.12.17 15:32:13 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe

[2010.12.17 15:32:13 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys

[2010.12.17 15:32:13 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys

[2010.11.10 20:20:21 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010.09.26 00:01:25 | 000,164,864 | ---- | C] () -- C:\Windows\System32\UNWISE32.EXE

[2010.09.25 11:39:41 | 000,000,017 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg

[2010.07.29 21:31:02 | 000,059,904 | ---- | C] () -- C:\Windows\System32\sqlite3_mod_fts3.dll

[2010.07.29 21:31:02 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sqlite3_mod_rtree.dll

[2010.07.29 21:31:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\sqlite3_mod_extfunc.dll

[2010.07.29 21:31:02 | 000,021,504 | ---- | C] () -- C:\Windows\System32\sqlite3_mod_impexp.dll

[2010.07.29 21:31:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2010.07.29 21:31:01 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2010.06.06 10:38:05 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2010.06.02 22:21:02 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll

[2010.05.21 15:46:36 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010.03.04 16:13:45 | 002,542,458 | ---- | C] () -- C:\Windows\System32\abgx360 - Kopie.exe

[2010.02.21 14:34:00 | 000,000,783 | ---- | C] () -- C:\Windows\wiso.ini

[2010.01.21 11:38:46 | 000,007,256 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2010.01.17 16:35:13 | 000,011,024 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat

[2010.01.17 16:35:07 | 003,494,576 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe

[2010.01.17 16:35:07 | 000,015,607 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat

[2009.12.18 11:50:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2009.11.23 17:14:26 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009.11.23 17:14:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009.11.18 13:11:35 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL

[2009.11.16 15:58:54 | 000,001,041 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\vso_ts_preview.xml

[2009.11.16 15:58:15 | 000,087,608 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\inst.exe

[2009.11.16 15:58:15 | 000,007,887 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.cat

[2009.11.16 15:58:15 | 000,001,144 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.inf

[2009.11.16 15:26:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009.09.24 10:30:02 | 000,007,648 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll

[2009.07.14 10:47:43 | 000,667,080 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.07.14 10:47:43 | 000,135,774 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 06:33:53 | 003,867,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 04:05:48 | 000,627,262 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 04:05:48 | 000,111,426 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2004.07.14 11:51:24 | 000,002,048 | ---- | C] () -- C:\Windows\System32\drivers\portio32.sys

[2002.07.05 16:12:06 | 000,027,136 | ---- | C] () -- C:\Windows\System32\authdvd.dll

 
 ========== LOP Check ==========

 

[2011.01.23 15:34:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnvSoft

[2010.01.20 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus

[2010.05.17 19:47:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CMUV

[2010.01.13 20:19:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite

[2010.02.01 17:40:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro

[2010.01.20 17:57:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashGet

[2010.01.03 13:10:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\foobar2000

[2011.02.20 14:05:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeFLVConverter

[2011.01.26 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GARMIN

[2010.07.06 19:01:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER

[2009.12.02 18:49:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn

[2009.12.18 11:54:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX

[2010.04.04 11:05:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MyPhoneExplorer

[2010.07.11 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\News File Grabber

[2010.11.20 20:43:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++

[2010.05.02 14:30:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org

[2010.01.07 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Publish Providers

[2010.01.07 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony

[2010.03.01 16:48:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird

[2011.01.26 16:08:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso

[2010.02.23 15:58:29 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\brs.exe_20100223_145828_0725.job

[2010.02.23 16:02:24 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\brs.exe_20100223_150224_0767.job

[2010.11.10 20:20:13 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\elbyExecuteWithUAC.job

[2011.01.19 18:04:19 | 000,000,222 | ---- | M] () -- C:\Windows\Tasks\Launch 23062.job

[2010.02.23 15:58:44 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\PDVD9Serv.EXE_20100223_145844_0309.job

[2010.02.23 16:02:24 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\PDVD9Serv.EXE_20100223_150224_0814.job

[2009.07.14 06:53:46 | 000,001,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
 

< End of report >

Und die Extras.txt:

Code:

OTL Extras logfile created on: 25.04.2011 20:15:23 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = D:\VB6

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 29,32 Gb Total Space | 1,80 Gb Free Space | 6,13% Space Free | Partition Type: NTFS

Drive D: | 239,46 Gb Total Space | 89,07 Gb Free Space | 37,19% Space Free | Partition Type: NTFS

Drive E: | 465,76 Gb Total Space | 269,00 Gb Free Space | 57,76% Space Free | Partition Type: NTFS

Drive H: | 3,69 Gb Total Space | 3,67 Gb Free Space | 99,63% Space Free | Partition Type: FAT32

 

Computer Name: DESKTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\DualOS\Programme\Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd

"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series

"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3

"{14F3F3DD-E409-4043-B4BF-1D0C3C17A1AA}" = StarMoney

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17

"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-in for Microsoft Office

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(TM) SE Development Kit 6 Update 17

"{32D6C439-91C0-4B0C-BFF1-1CEA3708C016}" = StarMoney 6.0 

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)

"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{68C17A81-81E1-458C-8555-3131C4D7A8DF}" = Garmin MapSource

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7AA5E78D-BE64-4EA2-9CA7-DE37DCB3009A}" = Microsoft Expression Blend 3 SDK

"{7C668763-D786-460C-8921-079B8954C352}" = Microsoft Expression Studio 3

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C81D631-8536-4C9E-8D1C-5DEEF7831B25}_is1" = Open Manager 1.0

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter

"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris

"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

"{AC76BA86-1033-F400-7761-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073

"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)

"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010

"AAF UFS910/UFS922/TF7700 MultiPart Installer_is1" = AAF UFS910/UFS922/TF7700 MultiPart Installer V2.1

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced Renamer_is1" = Advanced Renamer

"Android Commander_is1" = Android Commander version 0.7.9.8.2.01

"AnyDVD" = AnyDVD

"Avira AntiVir Desktop" = Avira AntiVir Premium

"BouquetWizard" = Bouquet Wizard

"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CANONIJPLM100" = PIXMA Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"DBox II - Bootmanager" = DBox II - Bootmanager

"DBOX2 Image-Flashing-Assistent_is1" = DBOX2 Image-Flashing-Assistent 3.4.2

"dBpoweramp DSP Effects" = dBpoweramp DSP Effects

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"DVD Decrypter" = DVD Decrypter (Remove Only)

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition

"ExpressionStudio_3.0.1064.0" = Microsoft Expression Studio 3

"ffdshow_is1" = ffdshow v1.1.3439 [2010-05-14]

"FileZilla Client" = FileZilla Client 3.3.0

"flip.exe" = Flip 3.4.2

"Free FLV Converter_is1" = Free FLV Converter V 6.94.0

"HaaliMkx" = Haali Media Splitter

"ImgBurn" = ImgBurn

"IrfanView" = IrfanView (remove only)

"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK

"Kiwi Syslog Daemon" = Kiwi Syslog Daemon 8.3.28  (Standard Edition)

"MakeMKV" = MakeMKV v1.6.5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaMonkey_is1" = MediaMonkey 3.2

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"MKVtoolnix" = MKVtoolnix 3.0.0

"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)

"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)

"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1

"Mp3tag" = Mp3tag v2.45a

"MPE" = MyPhoneExplorer

"News File Grabber_is1" = News File Grabber 4.6.0.4

"Notepad++" = Notepad++

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"PC Suite" = PC Suite

"Pidgin" = Pidgin

"PS3 Media Server" = PS3 Media Server

"QNAP_FINDER" = QNAP Finder

"QuickPar" = QuickPar 0.9

"ScummVM_is1" = ScummVM SVN

"UltraISO_is1" = UltraISO Premium V9.35

"VLC media player" = VLC media player 1.1.4

"VMware_Workstation" = VMware Workstation

"Web_3.0.3813.0" = Microsoft Expression Web 3

"Winamp" = Winamp

"WinRAR archiver" = WinRAR

"WMS" = Wild Media Server (UPnP, DLNA, HTTP)

"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

"Xvid_is1" = Xvid 1.2.2 final uninstall

 
 ========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

Kann hier evtl noch jemand einen Hinweis auf einen Trojaner/o.ä. finden, oder kann ich mit anderen Tools noch weitersuchen?

Danke schonmal vorab für Hilfe.

Gruß,
DerDominik

Zitat:

Art des Suchlaufs: Quick-Scan

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Hallo cosinos,

danke schonmal für deine Antwort.
Habe gestern einen Vollscan durchgeführt (Update habe ich natürlich vorher durchgeführt) und folgendes Ergebnis erhalten:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org
 

Datenbank Version: 6477
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

30.04.2011 18:22:08

mbam-log-2011-04-30 (18-22-08).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)

Durchsuchte Objekte: 598959

Laufzeit: 2 Stunde(n), 56 Minute(n), 30 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Also scheint soweit alles in Butter zu sein, oder gibts noch ein anderes Programm, womit ich den Rechner vorsichtshalber scannen sollte?

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Nein, es gibt nur die beiden Logs, die ich hier gepostet hatte.
Habe das Programm aber auch erst nach dem beschriebenen Problem installiert..

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.08.28 08:19:16 | 000,003,635 | ---- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hallo,

habe ich soeben durchgeführt und folgendes Log erhalten:

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

File H:\AUTOEXEC.BAT not found.

ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully.

ADS C:\ProgramData\TEMP:888AFB86 deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 65652769 bytes

->Temporary Internet Files folder emptied: 19194778 bytes

->Java cache emptied: 13689470 bytes

->FireFox cache emptied: 66340077 bytes

->Flash cache emptied: 1686 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: xxx

->Temp folder emptied: 189009524 bytes

->Temporary Internet Files folder emptied: 192315173 bytes

->Java cache emptied: 52420074 bytes

->FireFox cache emptied: 3556234 bytes

->Flash cache emptied: 103501 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 46928 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7780550 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 582,00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 05032011_160413
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

OK, da hat er scheinbar was gefunden?!

Code:

2011/05/03 17:40:27.0597 2548        TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16

2011/05/03 17:40:27.0957 2548        ================================================================================

2011/05/03 17:40:27.0957 2548        SystemInfo:

2011/05/03 17:40:27.0957 2548        

2011/05/03 17:40:27.0957 2548        OS Version: 6.1.7601 ServicePack: 1.0

2011/05/03 17:40:27.0957 2548        Product type: Workstation

2011/05/03 17:40:27.0957 2548        ComputerName: DESKTOP-xxx

2011/05/03 17:40:27.0957 2548        UserName: Administrator

2011/05/03 17:40:27.0957 2548        Windows directory: C:\Windows

2011/05/03 17:40:27.0957 2548        System windows directory: C:\Windows

2011/05/03 17:40:27.0957 2548        Processor architecture: Intel x86

2011/05/03 17:40:27.0957 2548        Number of processors: 2

2011/05/03 17:40:27.0957 2548        Page size: 0x1000

2011/05/03 17:40:27.0957 2548        Boot type: Normal boot

2011/05/03 17:40:27.0957 2548        ================================================================================

2011/05/03 17:40:28.0957 2548        Initialize success

2011/05/03 17:41:40.0972 1992        ================================================================================

2011/05/03 17:41:40.0972 1992        Scan started

2011/05/03 17:41:40.0972 1992        Mode: Manual; 

2011/05/03 17:41:40.0972 1992        ================================================================================

2011/05/03 17:41:42.0269 1992        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/05/03 17:41:42.0597 1992        3xHybrid        (55e1acba424e14af3523df741d86f60a) C:\Windows\system32\DRIVERS\3xHybrid.sys

2011/05/03 17:41:42.0972 1992        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/05/03 17:41:43.0332 1992        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/05/03 17:41:43.0660 1992        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/05/03 17:41:43.0988 1992        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/05/03 17:41:44.0332 1992        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/05/03 17:41:44.0675 1992        AFD             (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys

2011/05/03 17:41:45.0003 1992        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/05/03 17:41:45.0316 1992        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/05/03 17:41:45.0660 1992        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/05/03 17:41:45.0957 1992        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/05/03 17:41:46.0253 1992        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/05/03 17:41:46.0582 1992        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/05/03 17:41:46.0910 1992        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/05/03 17:41:47.0253 1992        amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

2011/05/03 17:41:47.0582 1992        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/05/03 17:41:47.0878 1992        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

2011/05/03 17:41:48.0207 1992        androidusb      (e94e2ea7faaa05c776a711edb198b9fd) C:\Windows\system32\Drivers\androidusb.sys

2011/05/03 17:41:48.0738 1992        AnyDVD          (b8f9d3ae038810c6ea08e123cada765e) C:\Windows\system32\Drivers\AnyDVD.sys

2011/05/03 17:41:49.0066 1992        AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/05/03 17:41:49.0425 1992        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/05/03 17:41:49.0738 1992        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/05/03 17:41:50.0082 1992        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/05/03 17:41:50.0394 1992        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/05/03 17:41:50.0582 1992        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/05/03 17:41:50.0925 1992        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/05/03 17:41:51.0253 1992        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys

2011/05/03 17:41:51.0613 1992        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/05/03 17:41:51.0972 1992        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/05/03 17:41:52.0316 1992        b57w2k          (c0acd392ece55784884cc208aafa06ce) C:\Windows\system32\DRIVERS\b57xp32.sys

2011/05/03 17:41:52.0628 1992        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/05/03 17:41:52.0972 1992        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/05/03 17:41:53.0285 1992        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/05/03 17:41:53.0597 1992        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/05/03 17:41:53.0894 1992        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/05/03 17:41:54.0222 1992        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/05/03 17:41:54.0535 1992        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/05/03 17:41:54.0832 1992        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/05/03 17:41:55.0144 1992        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/05/03 17:41:55.0457 1992        BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys

2011/05/03 17:41:55.0769 1992        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/05/03 17:41:56.0082 1992        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

2011/05/03 17:41:56.0410 1992        BTHPORT         (195c41cc67e9e1cedd960ccb74925920) C:\Windows\System32\Drivers\BTHport.sys

2011/05/03 17:41:56.0753 1992        BTHUSB          (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\System32\Drivers\BTHUSB.sys

2011/05/03 17:41:57.0066 1992        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/05/03 17:41:57.0410 1992        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/05/03 17:41:57.0722 1992        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/05/03 17:41:57.0941 1992        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/05/03 17:41:58.0269 1992        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/05/03 17:41:58.0566 1992        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/05/03 17:41:58.0878 1992        CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/05/03 17:41:59.0207 1992        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/05/03 17:41:59.0519 1992        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/05/03 17:42:00.0003 1992        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/05/03 17:42:00.0347 1992        CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/05/03 17:42:00.0691 1992        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/05/03 17:42:01.0003 1992        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/05/03 17:42:01.0316 1992        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/05/03 17:42:01.0660 1992        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/05/03 17:42:01.0972 1992        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/05/03 17:42:02.0425 1992        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/05/03 17:42:02.0832 1992        ElbyCDIO        (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys

2011/05/03 17:42:03.0175 1992        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/05/03 17:42:03.0457 1992        epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys

2011/05/03 17:42:03.0753 1992        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/05/03 17:42:04.0035 1992        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys

2011/05/03 17:42:04.0347 1992        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/05/03 17:42:04.0644 1992        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/05/03 17:42:04.0957 1992        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/05/03 17:42:05.0285 1992        FETNDIS         (f5cb6cb6d12f495516be27cffccde4bf) C:\Windows\system32\DRIVERS\fetnd6.sys

2011/05/03 17:42:05.0582 1992        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/05/03 17:42:05.0878 1992        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/05/03 17:42:06.0207 1992        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/05/03 17:42:06.0535 1992        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/05/03 17:42:06.0863 1992        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/05/03 17:42:07.0175 1992        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/05/03 17:42:07.0488 1992        FTDIBUS         (8142d5d886829b9876cb93af59475c09) C:\Windows\system32\drivers\ftdibus.sys

2011/05/03 17:42:07.0800 1992        FTSER2K         (63d72a4cf9f163b59db0ceed940a7d76) C:\Windows\system32\drivers\ftser2k.sys

2011/05/03 17:42:08.0144 1992        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/05/03 17:42:08.0441 1992        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/05/03 17:42:08.0769 1992        ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys

2011/05/03 17:42:09.0082 1992        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys

2011/05/03 17:42:09.0410 1992        hcmon           (1f79859a8c1d7c14ef6207852f622add) C:\Windows\system32\drivers\hcmon.sys

2011/05/03 17:42:09.0707 1992        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/05/03 17:42:10.0035 1992        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/05/03 17:42:10.0363 1992        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/05/03 17:42:10.0660 1992        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/05/03 17:42:10.0972 1992        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/05/03 17:42:11.0285 1992        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/05/03 17:42:11.0644 1992        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

2011/05/03 17:42:11.0988 1992        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/05/03 17:42:12.0300 1992        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/05/03 17:42:12.0644 1992        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/05/03 17:42:12.0941 1992        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/05/03 17:42:13.0253 1992        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

2011/05/03 17:42:13.0613 1992        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/05/03 17:42:14.0050 1992        IntcAzAudAddService (aee99ecf06cd1cea95816ccb5bf73ec8) C:\Windows\system32\drivers\RTKVHDA.sys

2011/05/03 17:42:14.0472 1992        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/05/03 17:42:14.0785 1992        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/05/03 17:42:15.0097 1992        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/05/03 17:42:15.0410 1992        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/05/03 17:42:15.0722 1992        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/05/03 17:42:16.0035 1992        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/05/03 17:42:16.0347 1992        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/05/03 17:42:16.0644 1992        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/05/03 17:42:16.0972 1992        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/05/03 17:42:17.0269 1992        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/05/03 17:42:17.0582 1992        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/05/03 17:42:17.0925 1992        KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/05/03 17:42:18.0253 1992        libusb0         (c9914934118add9afe928a16a3379016) C:\Windows\system32\DRIVERS\libusb0.sys

2011/05/03 17:42:18.0582 1992        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/05/03 17:42:18.0910 1992        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/05/03 17:42:19.0222 1992        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/05/03 17:42:19.0535 1992        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/05/03 17:42:19.0847 1992        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/05/03 17:42:20.0191 1992        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/05/03 17:42:20.0550 1992        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/05/03 17:42:20.0863 1992        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/05/03 17:42:21.0175 1992        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/05/03 17:42:21.0488 1992        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/05/03 17:42:21.0785 1992        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

2011/05/03 17:42:22.0113 1992        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/05/03 17:42:22.0425 1992        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/05/03 17:42:22.0722 1992        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/05/03 17:42:23.0035 1992        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/05/03 17:42:23.0363 1992        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/05/03 17:42:23.0675 1992        mrxsmb          (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/05/03 17:42:23.0988 1992        mrxsmb10        (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/05/03 17:42:24.0300 1992        mrxsmb20        (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/05/03 17:42:24.0613 1992        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/05/03 17:42:24.0925 1992        msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/05/03 17:42:25.0269 1992        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/05/03 17:42:25.0582 1992        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/05/03 17:42:25.0878 1992        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/05/03 17:42:26.0238 1992        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/05/03 17:42:26.0535 1992        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/05/03 17:42:26.0863 1992        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/05/03 17:42:27.0191 1992        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/05/03 17:42:27.0488 1992        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/05/03 17:42:27.0800 1992        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/05/03 17:42:28.0113 1992        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/05/03 17:42:28.0410 1992        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/05/03 17:42:28.0769 1992        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/05/03 17:42:29.0113 1992        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/05/03 17:42:29.0425 1992        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/05/03 17:42:29.0738 1992        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/05/03 17:42:30.0066 1992        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/05/03 17:42:30.0363 1992        NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/05/03 17:42:30.0660 1992        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/05/03 17:42:30.0972 1992        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/05/03 17:42:31.0285 1992        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/05/03 17:42:31.0628 1992        netr73          (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys

2011/05/03 17:42:32.0003 1992        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/05/03 17:42:32.0316 1992        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/05/03 17:42:32.0613 1992        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/05/03 17:42:32.0972 1992        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

2011/05/03 17:42:33.0316 1992        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/05/03 17:42:33.0878 1992        nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/05/03 17:42:34.0472 1992        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

2011/05/03 17:42:34.0785 1992        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

2011/05/03 17:42:35.0113 1992        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/05/03 17:42:35.0441 1992        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/05/03 17:42:35.0800 1992        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/05/03 17:42:36.0082 1992        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/05/03 17:42:36.0394 1992        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/05/03 17:42:36.0707 1992        pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/05/03 17:42:37.0003 1992        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/05/03 17:42:37.0316 1992        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/05/03 17:42:37.0644 1992        pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

2011/05/03 17:42:37.0972 1992        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/05/03 17:42:38.0285 1992        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/05/03 17:42:38.0675 1992        Ph3xIB32        (8b7aec0aba77de5d2feac1824c15a3fa) C:\Windows\system32\DRIVERS\Ph3xIB32.sys

2011/05/03 17:42:39.0082 1992        portio32        (09687a361c9f1418973a4ae17d2f52cc) C:\Windows\system32\drivers\portio32.sys

2011/05/03 17:42:39.0410 1992        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/05/03 17:42:39.0738 1992        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/05/03 17:42:40.0082 1992        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/05/03 17:42:40.0410 1992        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

2011/05/03 17:42:40.0722 1992        qcusbser        (8e59030434f0cd65e592b426585f1851) C:\Windows\system32\DRIVERS\hwusbser.sys

2011/05/03 17:42:41.0082 1992        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/05/03 17:42:41.0441 1992        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/05/03 17:42:41.0769 1992        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/05/03 17:42:42.0113 1992        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/05/03 17:42:42.0425 1992        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/05/03 17:42:42.0753 1992        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/05/03 17:42:43.0082 1992        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/05/03 17:42:43.0394 1992        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/05/03 17:42:43.0707 1992        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/05/03 17:42:44.0035 1992        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/05/03 17:42:44.0347 1992        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/05/03 17:42:44.0660 1992        RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/05/03 17:42:44.0972 1992        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/05/03 17:42:45.0285 1992        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/05/03 17:42:45.0628 1992        RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

2011/05/03 17:42:45.0941 1992        RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/05/03 17:42:46.0269 1992        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/05/03 17:42:46.0597 1992        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/05/03 17:42:46.0925 1992        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/05/03 17:42:47.0222 1992        s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/05/03 17:42:47.0550 1992        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/05/03 17:42:47.0863 1992        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/05/03 17:42:48.0191 1992        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/05/03 17:42:48.0535 1992        seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys

2011/05/03 17:42:48.0863 1992        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/05/03 17:42:49.0160 1992        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/05/03 17:42:49.0472 1992        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/05/03 17:42:49.0785 1992        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/05/03 17:42:50.0082 1992        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/05/03 17:42:50.0394 1992        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/05/03 17:42:50.0691 1992        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/05/03 17:42:51.0003 1992        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/05/03 17:42:51.0347 1992        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/05/03 17:42:51.0644 1992        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/05/03 17:42:51.0972 1992        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/05/03 17:42:52.0300 1992        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/05/03 17:42:52.0644 1992        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2011/05/03 17:42:52.0644 1992        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/05/03 17:42:52.0644 1992        sptd - detected LockedFile.Multi.Generic (1)

2011/05/03 17:42:52.0957 1992        srv             (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys

2011/05/03 17:42:53.0253 1992        srv2            (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys

2011/05/03 17:42:53.0582 1992        srvnet          (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys

2011/05/03 17:42:53.0910 1992        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/05/03 17:42:54.0207 1992        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/05/03 17:42:54.0519 1992        storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

2011/05/03 17:42:54.0816 1992        storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

2011/05/03 17:42:55.0113 1992        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/05/03 17:42:55.0847 1992        Tcpip           (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys

2011/05/03 17:42:56.0253 1992        TCPIP6          (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys

2011/05/03 17:42:56.0566 1992        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/05/03 17:42:56.0878 1992        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/05/03 17:42:57.0175 1992        TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/05/03 17:42:57.0472 1992        tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/05/03 17:42:57.0785 1992        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/05/03 17:42:58.0113 1992        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/05/03 17:42:58.0441 1992        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/05/03 17:42:59.0050 1992        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/05/03 17:42:59.0347 1992        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/05/03 17:42:59.0675 1992        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/05/03 17:43:00.0035 1992        UimBus          (a7d5dfef4928e91ea1925c43e33f1f42) C:\Windows\system32\DRIVERS\UimBus.sys

2011/05/03 17:43:00.0363 1992        Uim_IM          (223809e0e3dd55ec78a61119104d9555) C:\Windows\system32\Drivers\Uim_IM.sys

2011/05/03 17:43:00.0675 1992        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/05/03 17:43:01.0019 1992        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/05/03 17:43:01.0316 1992        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/05/03 17:43:01.0644 1992        usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys

2011/05/03 17:43:01.0957 1992        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/05/03 17:43:02.0253 1992        usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2011/05/03 17:43:02.0566 1992        usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys

2011/05/03 17:43:02.0878 1992        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/05/03 17:43:03.0191 1992        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/05/03 17:43:03.0519 1992        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/05/03 17:43:03.0800 1992        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS

2011/05/03 17:43:04.0113 1992        usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/05/03 17:43:04.0441 1992        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/05/03 17:43:04.0785 1992        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/05/03 17:43:05.0082 1992        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/05/03 17:43:05.0675 1992        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/05/03 17:43:06.0003 1992        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/05/03 17:43:06.0300 1992        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/05/03 17:43:06.0613 1992        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/05/03 17:43:06.0941 1992        vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/05/03 17:43:07.0253 1992        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/05/03 17:43:07.0566 1992        vmci            (2847315de9ac17c7ff5fa3059d935c07) C:\Windows\system32\Drivers\vmci.sys

2011/05/03 17:43:07.0878 1992        vmkbd           (aaeef4444a6c2bb2e741de684f2a5e56) C:\Windows\system32\drivers\VMkbd.sys

2011/05/03 17:43:08.0207 1992        VMnetAdapter    (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys

2011/05/03 17:43:08.0519 1992        VMnetBridge     (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys

2011/05/03 17:43:08.0847 1992        VMnetuserif     (386234c03f38fa9eae752f4cca7c8336) C:\Windows\system32\drivers\vmnetuserif.sys

2011/05/03 17:43:09.0207 1992        vmx86           (cf8215484f00ae5268a1b3a46dd69e17) C:\Windows\system32\Drivers\vmx86.sys

2011/05/03 17:43:09.0535 1992        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/05/03 17:43:09.0863 1992        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/05/03 17:43:10.0175 1992        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/05/03 17:43:10.0503 1992        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/05/03 17:43:10.0707 1992        vstor2-ws60     (476a052b3ce506ed63a94018f3e979d5) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys

2011/05/03 17:43:11.0003 1992        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/05/03 17:43:11.0332 1992        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/05/03 17:43:11.0644 1992        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/05/03 17:43:11.0988 1992        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/03 17:43:12.0019 1992        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/03 17:43:12.0363 1992        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/05/03 17:43:12.0675 1992        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/05/03 17:43:13.0066 1992        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/05/03 17:43:13.0363 1992        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/05/03 17:43:13.0738 1992        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.sys

2011/05/03 17:43:14.0035 1992        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/05/03 17:43:14.0378 1992        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/05/03 17:43:14.0707 1992        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/05/03 17:43:15.0050 1992        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/05/03 17:43:15.0378 1992        XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys

2011/05/03 17:43:15.0519 1992        ================================================================================

2011/05/03 17:43:15.0519 1992        Scan finished

2011/05/03 17:43:15.0519 1992        ================================================================================

2011/05/03 17:43:15.0535 2828        Detected object count: 1

2011/05/03 17:43:27.0144 2828        LockedFile.Multi.Generic(sptd) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

So, wollte das eben gerade durchführen, da kam es aber zu Problemen.
CCleaner funktionierte ohne Probleme.

Aber nachdem ich ComboFIx runtergeladen und gestartet hatte, kam beim ersten Mal noch die Update-Meldung. Update wurde auch durchgeführt.
Danach kam nach der Initialisierung von ComboFix aber sofort ein BlueScreen mit dem Fehler "Bad Pool Header".
Auch nach einem Neustart des Systems wieder derselbe Fehler...

Habe kurz im INet gegoogelt, und da hieß es, dass der Fehler kommt, wenn die Registry einen weghat?!

Starte Windows neu, lösch die alte cofi.exe, lade CF neu als cofi.exe runter und probier es bitte nochmal.

Habe das eben nochmal neu probiert, kam aber auch sofort wieder ein BSOD, diesmal mit Fehlermeldung "IRQL_Not_Less_Or_Equal".
Danach habe ich nochmal ein letztes Mal im Abgesicherten Modus probiert, und da funktionierte es dann. Logfile lautet:

Code:

ComboFix 11-05-06.04 - Administrator 07.05.2011  11:39:23.1.2 - x86 NETWORK

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3070.2262 [GMT 2:00]

ausgeführt von:: c:\users\Administrator\Desktop\cofi.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\mazuki.dll

c:\users\Administrator\AppData\Roaming\inst.exe

c:\windows\XSxS

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-07 bis 2011-05-07  ))))))))))))))))))))))))))))))

.

.

2011-05-07 09:44 . 2011-05-07 09:44        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2011-05-07 09:44 . 2011-05-07 09:44        --------        d-----w-        c:\users\xxx\AppData\Local\temp

2011-05-07 09:44 . 2011-05-07 09:44        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-05-06 16:32 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC49BA89-68FA-438D-B66C-26AE0E8B8DD4}\mpengine.dll

2011-05-04 15:27 . 2011-05-04 15:29        --------        d-----w-        C:\cofi

2011-05-04 14:11 . 2011-05-04 14:11        --------        d-----w-        c:\program files\CCleaner

2011-05-03 14:32 . 2011-05-03 14:32        --------        d-----w-        c:\program files\Common Files\PX Storage Engine

2011-05-02 17:21 . 2011-05-02 17:21        --------        d-----w-        c:\program files\Common Files\Java

2011-05-02 17:21 . 2010-09-15 02:50        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-05-02 17:09 . 2011-05-02 17:09        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Buhl Data Service

2011-04-28 13:33 . 2011-04-28 13:33        --------        d-----w-        c:\windows\system32\wbem\en-US

2011-04-28 13:26 . 2011-02-18 05:39        31232        ----a-w-        c:\windows\system32\prevhost.exe

2011-04-28 13:26 . 2011-03-11 05:39        148864        ----a-w-        c:\windows\system32\drivers\storport.sys

2011-04-28 13:26 . 2011-03-11 05:39        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys

2011-04-28 13:26 . 2011-03-11 05:39        1211264        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2011-04-28 13:26 . 2011-03-11 05:39        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys

2011-04-28 13:26 . 2011-03-11 05:38        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys

2011-04-28 13:26 . 2011-03-11 05:38        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys

2011-04-28 13:26 . 2011-03-11 05:38        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys

2011-04-28 13:26 . 2011-03-11 05:33        1699328        ----a-w-        c:\windows\system32\esent.dll

2011-04-28 13:26 . 2011-03-11 05:31        74240        ----a-w-        c:\windows\system32\fsutil.exe

2011-04-28 13:26 . 2011-03-12 11:23        870912        ----a-w-        c:\windows\system32\XpsPrint.dll

2011-04-28 13:26 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\explorer.exe

2011-04-25 18:05 . 2011-04-25 18:05        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Malwarebytes

2011-04-25 17:19 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-25 17:19 . 2011-04-25 17:19        --------        d-----w-        c:\programdata\Malwarebytes

2011-04-25 17:19 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-25 17:19 . 2011-04-25 17:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-04-22 15:28 . 2011-04-22 15:28        --------        d-----w-        C:\mod

2011-04-22 13:25 . 2011-04-22 13:25        --------        d-----w-        C:\benq

2011-04-20 20:41 . 2011-04-20 20:41        --------        d-----w-        c:\programdata\Nero

2011-04-20 20:41 . 2011-04-20 20:41        --------        d-----w-        c:\program files\Common Files\Nero

2011-04-20 20:41 . 2011-04-20 20:41        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Nero

2011-04-19 13:38 . 2011-04-19 13:38        --------        d-----w-        c:\program files\Garmin

2011-04-16 09:18 . 2011-02-24 05:38        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2011-04-13 13:19 . 2011-03-08 05:28        741376        ----a-w-        c:\windows\system32\inetcomm.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-16 13:53 . 2009-11-16 13:47        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-02-23 15:08 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll

2011-02-19 06:30 . 2011-03-09 13:47        805376        ----a-w-        c:\windows\system32\FntCache.dll

2011-02-19 06:30 . 2011-03-09 13:47        1076736        ----a-w-        c:\windows\system32\DWrite.dll

2011-02-19 06:30 . 2011-03-09 13:47        739840        ----a-w-        c:\windows\system32\d2d1.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Tray Control.lnk

backup=c:\windows\pss\Twonky Tray Control.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk

backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SDK Tray Menu.lnk]

path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk

backup=c:\windows\pss\SDK Tray Menu.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-09-13 16:50        1603152        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

2009-12-18 10:24        427328        ----a-w-        c:\program files\DAEMON Tools Pro\DTProAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]

2009-10-22 03:59        129584        ----a-w-        c:\program files\VMware\VMware Workstation\vmware-tray.exe

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-16 691696]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-05 339624]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]

R3 3xHybrid;CTX SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2009-09-24 1006816]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-06-11 25728]

R3 cpuz134;cpuz134;c:\users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-04-10 13224]

R3 libusb0;Atmel - LibUsb Kernel Driver 07/07/2009, 1.12.0.1;c:\windows\system32\DRIVERS\libusb0.sys [2010-02-16 21504]

R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]

R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]

R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2004-07-14 2048]

R3 qcusbser;Huawei USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\hwusbser.sys [2009-06-12 103424]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-04-10 27632]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-10-16 11:49        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2010-05-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-Desktop-xxx-xxx.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-17 01:44]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = *.local

IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

TCP: {6D10AB75-865B-4AC5-AECE-7E1770D3EA27} = 192.168.0.101

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\s3e41d80.default\

.

.

------- Dateityp-Verknüpfung -------

.

.txt=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-VaCtrl - c:\program files\VoiceAge\Common\VaCtrl.exe

HKLM-RunOnce-<NO NAME> - (no file)

MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe

MSConfigStartUp-FileZilla Server Interface - c:\program files\FileZilla Server\FileZilla Server Interface.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-TrayServer - c:\program files\MAGIX\Video_deluxe_16_Plus_Download-Version\TrayServer.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3029930095-1598881456-4175604655-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,b5,9a,f5,d6,5e,da,4f,9a,91,34,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,b5,9a,f5,d6,5e,da,4f,9a,91,34,\

.

[HKEY_USERS\S-1-5-21-3029930095-1598881456-4175604655-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-3029930095-1598881456-4175604655-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-3029930095-1598881456-4175604655-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-3029930095-1598881456-4175604655-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-3029930095-1598881456-4175604655-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-3029930095-1598881456-4175604655-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-3029930095-1598881456-4175604655-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-05-07  11:45:43

ComboFix-quarantined-files.txt  2011-05-07 09:45

.

Vor Suchlauf: 1.970.184.192 Bytes frei

Nach Suchlauf: 1.775.419.392 Bytes frei

.

- - End Of File - - F426B903DB40C40FF3E4821560F91DE8

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Habe ich soeben durchgeführt (bei OSAM war ja richtig, dass ich gleich bei der ersten Abfrage abbreche?!) und die Logs als Zip angehängt..