Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner eingefangen: Windows Recovery (https://www.trojaner-board.de/98215-trojaner-eingefangen-windows-recovery.html)

Flodi 26.04.2011 19:50
Trojaner eingefangen: Windows Recovery
 
Hallo Forumsgemeinde,

zuerst einmal ein großes Dankeschön, dass es euch gibt und ihr jedem so tatkräftig mit Rat zur Seite steht. SUPER :daumenhoc
Nun zu meinem Problem (bei Windows Vista). Ich habe mir heute auch den Windows Recovery Trojaner eingefangen. Folgende Aktionen habe ich bereits durchgeführt:

1. rkill (3 mal angewendet)
2. Malwarebytes (Quick und vollständiger Suchlauf)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26.04.2011 16:09:38
mbam-log-2011-04-26 (16-09-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141458
Laufzeit: 4 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sFGtypQnwU (Trojan.FakeAlert) -> Value: sFGtypQnwU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Users\Florian\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\sfgtypqnwu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\33742600.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Florian\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Florian\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Florian\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26.04.2011 20:16:42
mbam-log-2011-04-26 (20-16-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 373155
Laufzeit: 3 Stunde(n), 53 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


3. OTL

siehe Anhang


4. Unhide (hat wunderbar geklappt, die Ordner sind wieder alle sichtbar)

Es macht den Anschein, dass wieder alles in Ordung ist. Wäre super, wenn ihr mir das bestätigen könntet.

Flodi 26.04.2011 19:54
ups...hier sind nun die OTL Logs

Viele Dank für eure Antwort.

cosinus 02.05.2011 12:42
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Flodi 03.05.2011 16:46
Hi, danke für die Hilfe.

Hier ist der OTL-Text:

cosinus 04.05.2011 09:01
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.04.26 15:47:51 | 000,000,144 | ---- | M] () -- C:\ProgramData\~33742600r
[2011.04.26 15:47:51 | 000,000,128 | ---- | M] () -- C:\ProgramData\~33742600
[2011.04.26 15:47:38 | 000,000,344 | ---- | M] () -- C:\ProgramData\33742600
[2011.04.26 14:56:25 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.26 14:56:25 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Flodi 04.05.2011 19:52
Hier ist das Log nach dem OTL-Fix


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\~33742600r moved successfully.
C:\ProgramData\~33742600 moved successfully.
C:\ProgramData\33742600 moved successfully.
C:\Windows\System32\icrav03.rat moved successfully.
C:\Windows\System32\ticrf.rat moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Florian
->Temp folder emptied: 32607514 bytes
->Temporary Internet Files folder emptied: 20299274 bytes
->Java cache emptied: 6389035 bytes
->FireFox cache emptied: 193006811 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2247 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15857843 bytes
RecycleBin emptied: 25121220 bytes

Total Files Cleaned = 280,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05042011_204809

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 05.05.2011 09:06
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Flodi 05.05.2011 15:34
Ok, erledigt!

2011/05/05 16:32:35.0872 5636 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 16:32:36.0418 5636 ================================================================================
2011/05/05 16:32:36.0418 5636 SystemInfo:
2011/05/05 16:32:36.0418 5636
2011/05/05 16:32:36.0418 5636 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/05 16:32:36.0418 5636 Product type: Workstation
2011/05/05 16:32:36.0418 5636 ComputerName: FLORIAN-PC
2011/05/05 16:32:36.0418 5636 UserName: Florian
2011/05/05 16:32:36.0418 5636 Windows directory: C:\Windows
2011/05/05 16:32:36.0418 5636 System windows directory: C:\Windows
2011/05/05 16:32:36.0418 5636 Processor architecture: Intel x86
2011/05/05 16:32:36.0418 5636 Number of processors: 2
2011/05/05 16:32:36.0418 5636 Page size: 0x1000
2011/05/05 16:32:36.0418 5636 Boot type: Normal boot
2011/05/05 16:32:36.0418 5636 ================================================================================
2011/05/05 16:32:36.0683 5636 Initialize success
2011/05/05 16:32:58.0882 0732 ================================================================================
2011/05/05 16:32:58.0882 0732 Scan started
2011/05/05 16:32:58.0882 0732 Mode: Manual;
2011/05/05 16:32:58.0882 0732 ================================================================================
2011/05/05 16:32:59.0412 0732 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/05 16:32:59.0506 0732 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/05 16:32:59.0615 0732 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/05 16:32:59.0646 0732 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/05 16:32:59.0709 0732 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/05 16:32:59.0787 0732 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/05 16:32:59.0943 0732 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/05 16:33:00.0052 0732 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/05 16:33:00.0099 0732 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/05 16:33:00.0130 0732 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/05 16:33:00.0504 0732 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/05 16:33:00.0707 0732 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/05 16:33:00.0769 0732 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/05 16:33:00.0801 0732 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/05 16:33:00.0863 0732 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/05 16:33:00.0910 0732 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/05 16:33:00.0972 0732 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/05 16:33:01.0019 0732 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/05 16:33:01.0081 0732 athr (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys
2011/05/05 16:33:01.0253 0732 atikmdag (6f2cc6403012375385d556bf39382b74) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/05 16:33:01.0347 0732 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/05/05 16:33:01.0378 0732 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/05/05 16:33:01.0425 0732 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/05/05 16:33:01.0456 0732 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/05/05 16:33:01.0549 0732 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/05 16:33:01.0612 0732 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/05 16:33:01.0705 0732 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/05 16:33:01.0768 0732 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/05 16:33:01.0799 0732 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/05 16:33:01.0830 0732 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/05 16:33:01.0877 0732 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/05 16:33:01.0893 0732 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/05 16:33:01.0939 0732 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/05 16:33:01.0971 0732 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/05 16:33:02.0017 0732 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/05 16:33:02.0064 0732 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/05 16:33:02.0142 0732 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/05 16:33:02.0189 0732 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/05 16:33:02.0236 0732 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/05 16:33:02.0283 0732 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/05 16:33:02.0329 0732 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/05 16:33:02.0345 0732 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/05 16:33:02.0376 0732 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/05 16:33:02.0407 0732 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/05 16:33:02.0485 0732 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/05 16:33:02.0548 0732 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
2011/05/05 16:33:02.0657 0732 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/05 16:33:02.0922 0732 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/05 16:33:03.0031 0732 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/05 16:33:03.0094 0732 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/05/05 16:33:03.0141 0732 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/05 16:33:03.0219 0732 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/05 16:33:03.0297 0732 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/05 16:33:03.0343 0732 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/05 16:33:03.0437 0732 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/05 16:33:03.0515 0732 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/05 16:33:03.0562 0732 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/05 16:33:03.0609 0732 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/05 16:33:03.0655 0732 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/05 16:33:03.0702 0732 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/05 16:33:03.0733 0732 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/05 16:33:03.0796 0732 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/05 16:33:04.0045 0732 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/05 16:33:04.0092 0732 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/05 16:33:04.0139 0732 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/05 16:33:04.0233 0732 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/05 16:33:04.0279 0732 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/05 16:33:04.0326 0732 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/05 16:33:04.0357 0732 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/05 16:33:04.0420 0732 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/05 16:33:04.0482 0732 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/05 16:33:04.0545 0732 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/05 16:33:04.0576 0732 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/05 16:33:04.0623 0732 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/05 16:33:04.0685 0732 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/05 16:33:04.0716 0732 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/05 16:33:04.0794 0732 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/05 16:33:04.0950 0732 IntcAzAudAddService (ffb0b713a54dd05193dbcd0b790b37ee) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/05 16:33:05.0200 0732 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/05 16:33:05.0262 0732 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/05 16:33:05.0325 0732 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/05 16:33:05.0371 0732 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/05 16:33:05.0403 0732 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/05 16:33:05.0465 0732 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/05/05 16:33:05.0496 0732 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/05 16:33:05.0543 0732 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/05 16:33:05.0590 0732 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/05 16:33:05.0621 0732 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/05 16:33:05.0652 0732 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/05 16:33:05.0699 0732 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/05/05 16:33:05.0730 0732 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/05 16:33:05.0777 0732 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/05/05 16:33:05.0855 0732 KeyScrambler (8f1bb80d589affb9c5e9cd7544251b29) C:\Windows\system32\drivers\keyscrambler.sys
2011/05/05 16:33:05.0933 0732 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/05 16:33:06.0089 0732 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/05 16:33:06.0198 0732 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/05 16:33:06.0245 0732 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/05 16:33:06.0261 0732 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/05 16:33:06.0307 0732 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/05 16:33:06.0354 0732 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/05 16:33:06.0385 0732 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/05 16:33:06.0417 0732 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/05 16:33:06.0432 0732 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/05 16:33:06.0463 0732 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/05 16:33:06.0479 0732 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/05 16:33:06.0495 0732 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/05 16:33:06.0526 0732 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/05 16:33:06.0557 0732 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/05 16:33:06.0604 0732 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/05 16:33:06.0666 0732 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/05 16:33:06.0697 0732 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/05 16:33:06.0713 0732 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/05 16:33:06.0729 0732 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/05 16:33:06.0760 0732 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/05 16:33:06.0791 0732 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/05 16:33:06.0822 0732 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/05 16:33:06.0838 0732 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/05 16:33:06.0869 0732 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/05 16:33:06.0900 0732 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/05 16:33:06.0916 0732 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/05 16:33:06.0963 0732 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/05 16:33:06.0978 0732 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/05 16:33:07.0009 0732 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/05 16:33:07.0072 0732 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/05 16:33:07.0119 0732 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/05 16:33:07.0181 0732 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/05 16:33:07.0228 0732 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/05 16:33:07.0259 0732 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/05 16:33:07.0275 0732 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/05 16:33:07.0290 0732 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/05 16:33:07.0321 0732 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/05 16:33:07.0493 0732 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/05 16:33:07.0649 0732 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/05 16:33:07.0696 0732 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/05 16:33:07.0727 0732 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/05/05 16:33:07.0758 0732 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/05 16:33:07.0821 0732 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/05 16:33:07.0899 0732 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
2011/05/05 16:33:07.0930 0732 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/05 16:33:07.0945 0732 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/05 16:33:07.0961 0732 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/05 16:33:07.0977 0732 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/05 16:33:08.0008 0732 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/05 16:33:08.0070 0732 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/05 16:33:08.0101 0732 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/05 16:33:08.0133 0732 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/05 16:33:08.0164 0732 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/05 16:33:08.0195 0732 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/05 16:33:08.0226 0732 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/05 16:33:08.0273 0732 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/05 16:33:08.0335 0732 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/05 16:33:08.0398 0732 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/05 16:33:08.0413 0732 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/05 16:33:08.0460 0732 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/05 16:33:08.0538 0732 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/05 16:33:08.0601 0732 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/05 16:33:08.0772 0732 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/05 16:33:08.0803 0732 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/05 16:33:08.0835 0732 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/05 16:33:08.0850 0732 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/05 16:33:08.0866 0732 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/05 16:33:08.0897 0732 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/05 16:33:08.0913 0732 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/05 16:33:08.0959 0732 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/05 16:33:08.0975 0732 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/05 16:33:08.0991 0732 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/05 16:33:09.0037 0732 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/05 16:33:09.0069 0732 RTHDMIAzAudService (4a8393f03cb2f40e08126d83916c5633) C:\Windows\system32\drivers\RtHDMIV.sys
2011/05/05 16:33:09.0131 0732 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/05 16:33:09.0162 0732 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/05 16:33:09.0193 0732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/05 16:33:09.0225 0732 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/05 16:33:09.0240 0732 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/05 16:33:09.0271 0732 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/05 16:33:09.0287 0732 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/05 16:33:09.0318 0732 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/05 16:33:09.0334 0732 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/05 16:33:09.0381 0732 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/05 16:33:09.0427 0732 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/05 16:33:09.0459 0732 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/05 16:33:09.0505 0732 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/05 16:33:09.0661 0732 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/05 16:33:09.0786 0732 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/05 16:33:09.0817 0732 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/05 16:33:09.0833 0732 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/05 16:33:09.0849 0732 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/05 16:33:09.0895 0732 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
2011/05/05 16:33:09.0927 0732 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/05 16:33:09.0958 0732 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/05 16:33:09.0973 0732 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/05 16:33:10.0005 0732 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/05 16:33:10.0051 0732 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/05 16:33:10.0114 0732 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/05 16:33:10.0161 0732 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/05 16:33:10.0192 0732 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/05 16:33:10.0223 0732 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/05 16:33:10.0239 0732 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/05 16:33:10.0285 0732 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/05 16:33:10.0317 0732 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/05 16:33:10.0363 0732 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/05 16:33:10.0410 0732 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/05 16:33:10.0426 0732 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/05 16:33:10.0457 0732 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/05 16:33:10.0504 0732 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/05/05 16:33:10.0582 0732 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/05 16:33:10.0613 0732 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/05 16:33:10.0644 0732 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/05 16:33:10.0675 0732 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/05 16:33:10.0722 0732 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/05 16:33:10.0753 0732 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/05 16:33:10.0800 0732 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/05 16:33:10.0847 0732 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/05 16:33:10.0878 0732 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/05 16:33:10.0941 0732 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/05 16:33:10.0956 0732 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/05 16:33:10.0987 0732 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/05 16:33:11.0034 0732 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/05 16:33:11.0097 0732 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/05 16:33:11.0128 0732 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/05 16:33:11.0143 0732 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/05 16:33:11.0175 0732 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/05 16:33:11.0206 0732 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/05 16:33:11.0237 0732 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/05 16:33:11.0268 0732 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/05 16:33:11.0299 0732 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/05 16:33:11.0315 0732 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/05 16:33:11.0362 0732 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/05 16:33:11.0393 0732 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/05 16:33:11.0533 0732 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/05 16:33:11.0658 0732 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/05 16:33:11.0752 0732 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/05 16:33:11.0783 0732 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 16:33:11.0783 0732 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 16:33:11.0814 0732 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/05 16:33:11.0861 0732 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/05 16:33:11.0908 0732 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/05 16:33:11.0955 0732 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/05 16:33:12.0001 0732 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/05 16:33:12.0064 0732 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/05 16:33:12.0298 0732 ================================================================================
2011/05/05 16:33:12.0298 0732 Scan finished
2011/05/05 16:33:12.0298 0732 ================================================================================

cosinus 05.05.2011 19:11
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Flodi 05.05.2011 21:36
ComboFix Log:

Combofix Logfile:
Code:
ComboFix 11-05-04.04 - Florian 05.05.2011  22:12:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.2327 [GMT 2:00]
ausgeführt von:: c:\users\Florian\Desktop\cofi.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-05 bis 2011-05-05  ))))))))))))))))))))))))))))))
.
.
2011-05-05 19:45 . 2011-05-05 19:45        --------        d-----w-        c:\program files\CCleaner
2011-05-04 18:48 . 2011-05-04 18:48        --------        d-----w-        C:\_OTL
2011-04-29 14:54 . 2011-04-29 14:54        --------        d-----w-        c:\users\Florian\AppData\Roaming\QFX Software
2011-04-29 14:54 . 2011-04-29 14:54        --------        d-----w-        c:\programdata\QFX Software
2011-04-28 13:25 . 2011-04-28 13:25        --------        d-----w-        c:\program files\Common Files\Java
2011-04-27 15:26 . 2011-04-27 15:26        --------        d-----w-        c:\windows\Sun
2011-04-27 15:21 . 2011-02-02 19:40        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-04-27 15:21 . 2011-04-28 13:23        --------        d-----w-        c:\program files\Java
2011-04-27 08:44 . 2011-04-27 11:09        --------        d-----w-        c:\program files\Microsoft Silverlight
2011-04-27 08:26 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-27 08:26 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 08:26 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-26 19:53 . 2011-04-26 19:53        --------        d-----w-        c:\users\Florian\AppData\Local\WindowsUpdate
2011-04-26 18:43 . 2011-04-26 18:43        --------        d-----w-        c:\program files\7-Zip
2011-04-26 14:02 . 2011-04-26 14:02        --------        d-----w-        c:\users\Florian\AppData\Roaming\Malwarebytes
2011-04-26 14:02 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 14:02 . 2011-04-26 14:02        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-26 14:02 . 2011-04-26 14:02        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-26 14:02 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-26 14:00 . 2011-04-28 17:26        --------        d-----w-        c:\program files\GridinSoft Trojan Killer
2011-04-26 12:24 . 2011-04-26 12:28        --------        d-----w-        c:\users\Florian\AppData\Roaming\Canon
2011-04-26 12:18 . 2011-04-26 12:18        --------        d-----w-        c:\programdata\CanonIJ
2011-04-26 12:16 . 2011-04-26 12:16        --------        d-----w-        c:\windows\system32\CanonIJ Uninstaller Information
2011-04-26 12:16 . 2010-12-17 12:49        438272        ----a-w-        c:\windows\system32\CNQ2414L.dll
2011-04-26 12:16 . 2010-03-18 15:12        1335296        ----a-w-        c:\windows\system32\CNQ2414C.dll
2011-04-26 12:16 . 2010-03-18 15:12        114688        ----a-w-        c:\windows\system32\CNQ2414I.dll
2011-04-26 12:16 . 2010-03-18 15:11        106496        ----a-w-        c:\windows\system32\CNQ2414U.dll
2011-04-26 12:16 . 2008-08-25 16:02        15872        ----a-w-        c:\windows\system32\CNHMCA.dll
2011-04-26 12:16 . 2010-03-11 08:56        180224        ----a-w-        c:\windows\system32\CNQ2414Y.dll
2011-04-26 12:16 . 2010-06-03 04:12        94208        ----a-w-        c:\windows\system32\CNQ2414O.dll
2011-04-26 12:15 . 2011-04-26 12:17        --------        d-----w-        c:\program files\Canon
2011-04-26 12:12 . 2011-05-03 07:10        --------        d-----w-        c:\program files\SamsungPrinterLiveUpdate
2011-04-26 12:12 . 2009-09-11 07:47        19968        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\sst3cpc.dll
2011-04-26 12:11 . 2009-09-11 07:47        26624        ----a-w-        c:\windows\system32\sst3cl3.dll
2011-04-26 12:11 . 2009-09-11 07:46        151552        ----a-w-        c:\windows\system32\sst3cci.exe
2011-04-26 12:11 . 2009-09-11 07:46        65536        ----a-w-        c:\windows\system32\sst3cci.dll
2011-04-26 12:11 . 2009-09-10 08:49        49152        ----a-w-        c:\windows\system32\ssusbpn.dll
2011-04-26 12:11 . 2009-09-10 08:49        81920        ----a-w-        c:\windows\system32\ssdevm.dll
2011-04-26 12:10 . 2009-09-10 08:49        38160        ----a-w-        c:\windows\system32\msxml2r.dll
2011-04-26 12:10 . 2009-09-10 08:49        21776        ----a-w-        c:\windows\system32\msxml2a.dll
2011-04-26 12:10 . 2009-09-10 08:49        701440        ----a-w-        c:\windows\system32\msxml2.dll
2011-04-20 08:24 . 2011-04-20 08:24        --------        d-----w-        c:\program files\Safari
2011-04-20 08:23 . 2011-04-20 08:23        --------        d-----w-        c:\program files\iPod
2011-04-20 08:21 . 2011-04-20 08:21        --------        d-----w-        c:\program files\Bonjour
2011-04-20 08:18 . 2011-05-05 14:59        --------        d-----w-        c:\users\Florian\AppData\Roaming\Apple Computer
2011-04-20 08:18 . 2011-04-26 17:27        --------        d-----w-        c:\users\Florian\AppData\Local\Apple Computer
2011-04-20 08:18 . 2011-04-20 08:18        --------        dc----w-        c:\windows\system32\DRVSTORE
2011-04-20 08:18 . 2009-05-18 11:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-20 08:18 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2011-04-20 08:17 . 2011-04-20 08:23        --------        d-----w-        c:\program files\iTunes
2011-04-20 08:17 . 2011-04-20 08:18        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-20 08:17 . 2011-04-20 08:17        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-04-20 08:17 . 2011-04-20 08:17        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-04-20 08:17 . 2011-04-20 08:17        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-04-20 08:17 . 2011-04-20 08:17        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-04-20 08:17 . 2011-04-20 08:17        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-04-20 08:17 . 2011-04-20 08:17        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-04-20 08:17 . 2011-04-20 08:17        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-04-20 08:17 . 2011-04-20 08:17        --------        d-----w-        c:\program files\QuickTime
2011-04-20 08:17 . 2011-04-20 08:17        --------        d-----w-        c:\programdata\Apple Computer
2011-04-20 08:16 . 2011-04-20 08:16        --------        d-----w-        c:\users\Florian\AppData\Local\Apple
2011-04-20 08:16 . 2011-04-20 08:16        --------        d-----w-        c:\program files\Apple Software Update
2011-04-20 08:15 . 2011-04-20 08:23        --------        d-----w-        c:\program files\Common Files\Apple
2011-04-20 08:15 . 2011-04-20 08:19        --------        d-----w-        c:\programdata\Apple
2011-04-08 23:43 . 2011-04-08 23:43        --------        d-----w-        C:\$AVG
2011-04-08 05:21 . 2011-04-08 05:21        --------        d-----w-        c:\program files\Windows Portable Devices
2011-04-08 05:07 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll
2011-04-08 05:07 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll
2011-04-08 05:07 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2011-04-08 05:05 . 2009-10-08 21:08        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-04-08 05:05 . 2009-10-08 21:08        234496        ----a-w-        c:\windows\system32\oleacc.dll
2011-04-08 05:05 . 2009-10-08 21:07        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-04-07 14:46 . 2011-01-20 16:08        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-04-07 14:46 . 2011-01-20 16:08        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2011-04-07 14:46 . 2011-01-20 14:12        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-04-07 14:46 . 2011-01-20 13:47        683008        ----a-w-        c:\windows\system32\d2d1.dll
2011-04-07 14:46 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-04-07 14:46 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-04-07 14:46 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-04-07 14:46 . 2011-01-20 16:08        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-04-07 14:46 . 2011-01-20 16:08        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-04-07 14:46 . 2011-01-20 14:28        1554432        ----a-w-        c:\windows\system32\xpsservices.dll
2011-04-07 14:46 . 2011-01-20 14:25        847360        ----a-w-        c:\windows\system32\OpcServices.dll
2011-04-07 14:46 . 2011-01-20 14:11        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-04-07 14:46 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll
2011-04-07 07:53 . 2011-04-07 07:53        --------        d-----w-        c:\windows\system32\ca-ES
2011-04-07 07:53 . 2011-04-07 07:53        --------        d-----w-        c:\windows\system32\eu-ES
2011-04-07 07:53 . 2011-04-07 07:53        --------        d-----w-        c:\windows\system32\vi-VN
2011-04-07 06:41 . 2011-04-07 06:41        --------        d-----w-        c:\windows\system32\EventProviders
2011-04-07 06:39 . 2009-04-11 06:28        1589248        ----a-w-        c:\windows\system32\msjet40.dll
2011-04-07 06:38 . 2009-04-11 06:28        83968        ----a-w-        c:\windows\system32\wbem\wmiutils.dll
2011-04-07 06:38 . 2009-04-11 06:28        744448        ----a-w-        c:\windows\system32\wbem\wbemcore.dll
2011-04-07 06:38 . 2009-04-11 06:28        30208        ----a-w-        c:\windows\system32\wbem\wbemprox.dll
2011-04-07 06:38 . 2009-04-11 06:28        265728        ----a-w-        c:\windows\system32\wbem\repdrvfs.dll
2011-04-07 06:38 . 2009-04-11 06:28        189440        ----a-w-        c:\windows\system32\wbem\mofd.dll
2011-04-07 06:38 . 2009-04-11 06:28        614912        ----a-w-        c:\windows\system32\wbem\fastprox.dll
2011-04-07 06:38 . 2009-04-11 06:28        265728        ----a-w-        c:\windows\system32\wbem\esscli.dll
2011-04-07 06:38 . 2009-04-11 06:28        705536        ----a-w-        c:\windows\system32\SmiEngine.dll
2011-04-07 06:38 . 2009-04-11 06:28        218624        ----a-w-        c:\windows\system32\wdscore.dll
2011-04-07 06:38 . 2009-04-11 06:27        130560        ----a-w-        c:\windows\system32\PkgMgr.exe
2011-04-07 06:38 . 2009-04-11 06:28        247808        ----a-w-        c:\windows\system32\drvstore.dll
2011-04-06 21:41 . 2011-04-06 21:41        --------        d-----w-        C:\cf1ad56c0c2e95108f65cc4eaa072754
2011-04-06 21:40 . 2011-04-06 21:40        --------        d-----w-        c:\users\Florian\AppData\Roaming\OCS
2011-04-06 21:40 . 2011-04-06 21:40        --------        d-----w-        c:\program files\ICQ-Banner-Remover
2011-04-06 21:36 . 2011-04-06 21:36        --------        d-----w-        c:\program files\ICQ6Toolbar
2011-04-06 21:36 . 2011-04-06 21:36        --------        d-----w-        c:\programdata\ICQ
2011-04-06 21:36 . 2011-05-05 20:08        --------        d-----w-        c:\users\Florian\AppData\Roaming\ICQ
2011-04-06 21:36 . 2011-05-03 15:25        --------        d-----w-        c:\program files\ICQ7.4
2011-04-06 21:10 . 2011-04-29 14:53        --------        d-----w-        c:\program files\KeyScrambler
2011-04-06 21:10 . 2011-04-24 22:14        225856        ----a-w-        c:\windows\system32\drivers\keyscrambler.sys
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2011-04-06 01:01 . 2009-11-08 08:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2011-04-06 01:01 . 2009-11-08 08:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2011-04-06 01:01 . 2009-11-08 08:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2011-04-06 01:01 . 2009-11-08 08:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2011-04-06 01:01 . 2009-11-08 08:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 18:59 . 2011-04-26 18:59        33595        ----a-w-        C:\7-Zip.zip
2011-04-26 18:46 . 2011-04-26 18:46        24408        ----a-w-        C:\OTL Logs.zip
2011-04-04 02:20 . 2011-04-04 02:20        8704        ----a-w-        c:\windows\system32\drivers\th-TH\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\uk-UA\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\tr-TR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        5120        ----a-w-        c:\windows\system32\drivers\zh-TW\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        5120        ----a-w-        c:\windows\system32\drivers\zh-HK\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        4608        ----a-w-        c:\windows\system32\drivers\zh-CN\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8704        ----a-w-        c:\windows\system32\drivers\ro-RO\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\sv-SE\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\sr-Latn-CS\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\sl-SI\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\sk-SK\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\ru-RU\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        9216        ----a-w-        c:\windows\system32\drivers\nl-NL\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8704        ----a-w-        c:\windows\system32\drivers\pt-PT\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8704        ----a-w-        c:\windows\system32\drivers\pt-BR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8704        ----a-w-        c:\windows\system32\drivers\pl-PL\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\nb-NO\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        7680        ----a-w-        c:\windows\system32\drivers\lv-LV\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        7680        ----a-w-        c:\windows\system32\drivers\lt-LT\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8704        ----a-w-        c:\windows\system32\drivers\it-IT\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\hu-HU\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\hr-HR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        7680        ----a-w-        c:\windows\system32\drivers\fi-FI\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        7168        ----a-w-        c:\windows\system32\drivers\he-IL\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        5632        ----a-w-        c:\windows\system32\drivers\ko-KR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        9216        ----a-w-        c:\windows\system32\drivers\el-GR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\da-DK\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\bg-BG\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        7680        ----a-w-        c:\windows\system32\drivers\et-EE\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        7680        ----a-w-        c:\windows\system32\drivers\cs-CZ\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        7168        ----a-w-        c:\windows\system32\drivers\ar-SA\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        6144        ----a-w-        c:\windows\system32\drivers\ja-JP\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8704        ----a-w-        c:\windows\system32\drivers\fr-FR\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8704        ----a-w-        c:\windows\system32\drivers\es-ES\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8704        ----a-w-        c:\windows\system32\drivers\de-DE\bthport.sys.mui
2011-04-04 02:20 . 2011-04-04 02:20        8192        ----a-w-        c:\windows\system32\drivers\en-US\bthport.sys.mui
2011-04-03 17:59 . 2011-04-03 17:59        855        ----a-w-        c:\windows\regfile_I.cmd
2011-04-03 17:59 . 2011-04-03 17:59        256        ----a-w-        c:\windows\regfile_E.cmd
2011-04-03 17:55 . 2011-04-03 17:54        319456        ----a-w-        c:\windows\DIFxAPI.dll
2011-04-03 17:17 . 2011-04-03 17:17        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-03 15:40 . 2011-04-27 08:26        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 08:26        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 08:26        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 08:26        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-02-18 14:36 . 2011-02-18 14:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2011-02-18 14:36 . 2011-02-18 14:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-04-29 14:48 . 2011-04-03 17:18        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-06 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-01-27 61440]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-03-18 618496]
"Ocs_SM"="c:\users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-04-06 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-734616948-2309867023-871678048-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-04-06 40960]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;WPFFontCache_v0400; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-03 218688]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-04-24 225856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0411&m=aspire_7735
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\jzhh8t6a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-05 22:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3048)
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Zeit der Fertigstellung: 2011-05-05  22:20:47
ComboFix-quarantined-files.txt  2011-05-05 20:20
.
Vor Suchlauf: 14 Verzeichnis(se), 207.400.288.256 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 207.346.147.328 Bytes frei
.
- - End Of File - - B9855B6610DF3D858437F53BDE9F5CC3
--- --- ---

cosinus 06.05.2011 09:51
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Flodi 07.05.2011 10:07
GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-07 11:02:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: 62ng70rm.exe; Driver: C:\Users\Florian\AppData\Local\Temp\axliyfob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                      section is writeable [0x8E407000, 0x24DD0C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Mozilla Firefox\firefox.exe[4856] ntdll.dll!LdrLoadDll                                                                      779993A8 5 Bytes  JMP 013C1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [00A71210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7735
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 152):
0x82435000 \SystemRoot\system32\ntkrnlpa.exe
0x82402000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80482000 \SystemRoot\system32\PSHED.dll
0x80493000 \SystemRoot\system32\BOOTVID.dll
0x8049B000 \SystemRoot\system32\CLFS.SYS
0x804DC000 \SystemRoot\system32\CI.dll
0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80698000 \SystemRoot\system32\drivers\acpi.sys
0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EF000 \SystemRoot\system32\drivers\pci.sys
0x80716000 \SystemRoot\System32\drivers\partmgr.sys
0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80732000 \SystemRoot\system32\drivers\volmgr.sys
0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079B000 \SystemRoot\System32\Drivers\UBHelper.sys
0x82A02000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82ADD000 \SystemRoot\system32\drivers\atapi.sys
0x82AE5000 \SystemRoot\system32\drivers\ataport.SYS
0x82B03000 \SystemRoot\system32\drivers\msahci.sys
0x82B0D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B1B000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B4D000 \SystemRoot\system32\drivers\fileinfo.sys
0x82B5D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A601000 \SystemRoot\system32\drivers\ndis.sys
0x8A70C000 \SystemRoot\system32\drivers\msrpc.sys
0x8A737000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A808000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8F2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB1E000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB57000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB5F000 \SystemRoot\System32\Drivers\mup.sys
0x8AB6E000 \SystemRoot\System32\drivers\ecache.sys
0x8AB95000 \SystemRoot\system32\drivers\disk.sys
0x8ABA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABC7000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABDD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ABE8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E406000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8E873000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E913000 \SystemRoot\System32\drivers\watchdog.sys
0x8E91F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E9AC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E9B7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ABF1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A772000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x8EC0E000 \SystemRoot\system32\DRIVERS\athr.sys
0x8ECFE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8ED02000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8ED15000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8ED1F000 \SystemRoot\System32\drivers\keyscrambler.sys
0x8ED55000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ED60000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ED91000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8ED93000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ED9E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EDB6000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x8EDBE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8EDC4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8EDCD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A7AC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x807A3000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EDDC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EDE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EC00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A7DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A9E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82BCE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x82BE2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x807E4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EC0B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805BC000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F00C000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x8F047000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F051000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F05E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F093000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F0A4000 \SystemRoot\system32\drivers\RtHDMIV.sys
0x8F0C8000 \SystemRoot\system32\drivers\portcls.sys
0x8F0F5000 \SystemRoot\system32\drivers\drmk.sys
0x9180B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91A45000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x91B6B000 \SystemRoot\system32\drivers\modem.sys
0x91B78000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91B81000 \SystemRoot\System32\Drivers\Null.SYS
0x91B88000 \SystemRoot\System32\Drivers\Beep.SYS
0x91B8F000 \SystemRoot\System32\drivers\vga.sys
0x91B9B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91BBC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91BC4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91BCC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91BD7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91BE5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F11A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F130000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F144000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F176000 \SystemRoot\system32\drivers\afd.sys
0x8F1BE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91BEE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F1D4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91C0A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91C46000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91C50000 \SystemRoot\System32\Drivers\dfsc.sys
0x91C67000 \SystemRoot\System32\Drivers\fastfat.SYS
0x91C8F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91CA4000 \SystemRoot\system32\DRIVERS\udfs.sys
0x91CDF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91CF6000 \SystemRoot\System32\Drivers\usbvideo.sys
0x91D17000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91D24000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x986C0000 \SystemRoot\System32\win32k.sys
0x91C00000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F1E7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x988E0000 \SystemRoot\System32\TSDDD.dll
0x98900000 \SystemRoot\System32\cdd.dll
0x8A90D000 \SystemRoot\system32\drivers\luafv.sys
0x8A928000 \SystemRoot\system32\drivers\spsys.sys
0x9C00A000 \SystemRoot\system32\DRIVERS\irda.sys
0x9C028000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C038000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C062000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C06C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C07F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9C095000 \SystemRoot\system32\drivers\HTTP.sys
0x9C102000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C11F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C138000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C14D000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C16E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C18D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C1C6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D004000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D02C000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D0A2000 \SystemRoot\system32\drivers\peauth.sys
0x9D180000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D18A000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x9D191000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D19D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9D1B2000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9D1C4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9D1CD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9D1DD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9D1E4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9D1EC000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x9D07B000 \??\C:\Users\Florian\AppData\Local\Temp\axliyfob.sys
0x77970000 \Windows\System32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
480 C:\Windows\System32\smss.exe
620 csrss.exe
684 C:\Windows\System32\wininit.exe
696 csrss.exe
728 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\Ati2evxx.exe
1144 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\audiodg.exe
1344 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\SLsvc.exe
1396 C:\Windows\System32\svchost.exe
1584 C:\Windows\System32\svchost.exe
1804 C:\Windows\System32\spoolsv.exe
1828 C:\Windows\System32\svchost.exe
1988 C:\Windows\System32\agrsmsvc.exe
2020 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2032 C:\Windows\System32\Ati2evxx.exe
124 C:\Program Files\Bonjour\mDNSResponder.exe
308 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
612 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
840 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1104 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1380 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
1620 C:\Windows\System32\svchost.exe
1864 C:\Users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2084 C:\Windows\System32\svchost.exe
2128 C:\Windows\System32\svchost.exe
2160 C:\Windows\System32\SearchIndexer.exe
2460 WUDFHost.exe
2712 C:\Windows\System32\taskeng.exe
3188 C:\Windows\System32\taskeng.exe
3248 C:\Windows\System32\dwm.exe
3344 C:\Windows\explorer.exe
3536 C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
3544 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3552 C:\Windows\PLFSetI.exe
3560 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3612 C:\Program Files\Launch Manager\LManager.exe
3724 C:\Windows\Samsung\PanelMgr\SSMMgr.exe
3756 C:\Program Files\iTunes\iTunesHelper.exe
3764 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3820 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3932 C:\Windows\System32\wbem\unsecapp.exe
4012 WmiPrvSE.exe
2112 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
2272 C:\Users\Florian\AppData\Local\temp\RtkBtMnt.exe
252 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2788 C:\Program Files\iPod\bin\iPodService.exe
3600 C:\Windows\System32\svchost.exe
4076 C:\Windows\System32\wbem\unsecapp.exe
3720 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
3060 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3972 C:\Windows\System32\wuauclt.exe
4856 C:\Program Files\Mozilla Firefox\firefox.exe
3148 C:\Users\Florian\Downloads\62ng70rm.exe
5540 C:\Windows\System32\SearchProtocolHost.exe
5204 C:\Windows\System32\SearchFilterHost.exe
5780 C:\Windows\System32\dllhost.exe
6020 C:\Users\Florian\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus 07.05.2011 15:16
Was ist mit OSAM? Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden!

Flodi 08.05.2011 09:03
Oh sorry, habe ich übersehen. Hier ist nun das OSAM-Log

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:00:32 on 08.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Florian\AppData\Local\Temp\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"KeyScrambler" (KeyScrambler) - "QFX Software Corporation" - C:\Windows\System32\drivers\keyscrambler.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B745F984-EF2E-40D6-A9AC-D8CED7230E61} "ClsidExtension" - "QFX Software Corporation" - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} "KeyScramblerBHO Class" - "QFX Software Corporation" - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
"ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AmIcoSinglun" - "AlcorMicro Co., Ltd." - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"Ocs_SM" - "OCS" - C:\Users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Samsung PanelMgr" - ? - C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"SST3C Langmon" - ? - C:\Windows\system32\sst3cl3.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\audiosrv.dll,-200" (Audiosrv) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll
"@%SystemRoot%\system32\audiosrv.dll,-204" (AudioEndpointBuilder) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - ? - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Acer" - C:\Windows\system32\Acer.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 08.05.2011 13:46
Zitat:
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922
Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Vista installiert?
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.

Flodi 08.05.2011 20:25
Alles wie beschrieben ausgeführt. Habe mir dazu die iso für vista gezogen.

GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-08 21:23:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: gmer.exe; Driver: C:\Users\Florian\AppData\Local\Temp\axliyfob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                      section is writeable [0x8E408000, 0x24DD0C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Mozilla Firefox\firefox.exe[1176] ntdll.dll!LdrLoadDll                                                                      770B93A8 5 Bytes  JMP 00291410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1160] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [00A41210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7735
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 150):
0x82418000 \SystemRoot\system32\ntkrnlpa.exe
0x827D2000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047F000 \SystemRoot\system32\PSHED.dll
0x80490000 \SystemRoot\system32\BOOTVID.dll
0x80498000 \SystemRoot\system32\CLFS.SYS
0x804D9000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80689000 \SystemRoot\system32\drivers\acpi.sys
0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E0000 \SystemRoot\system32\drivers\pci.sys
0x80707000 \SystemRoot\System32\drivers\partmgr.sys
0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80723000 \SystemRoot\system32\drivers\volmgr.sys
0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8078C000 \SystemRoot\System32\Drivers\UBHelper.sys
0x82A0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82AE7000 \SystemRoot\system32\drivers\atapi.sys
0x82AEF000 \SystemRoot\system32\drivers\ataport.SYS
0x82B0D000 \SystemRoot\system32\drivers\msahci.sys
0x82B17000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B25000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B57000 \SystemRoot\system32\drivers\fileinfo.sys
0x82B67000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A60A000 \SystemRoot\system32\drivers\ndis.sys
0x8A715000 \SystemRoot\system32\drivers\msrpc.sys
0x8A740000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A807000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA01000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB11000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB4A000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB52000 \SystemRoot\System32\Drivers\mup.sys
0x8AB61000 \SystemRoot\System32\drivers\ecache.sys
0x8AB88000 \SystemRoot\system32\drivers\disk.sys
0x8AB99000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABBA000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABD0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ABDB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E407000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8E874000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E914000 \SystemRoot\System32\drivers\watchdog.sys
0x8E920000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E9AD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E9B8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ABE4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A77B000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x8DE02000 \SystemRoot\system32\DRIVERS\athr.sys
0x8DEF2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DEF6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DF09000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8DF13000 \SystemRoot\System32\drivers\keyscrambler.sys
0x8DF49000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DF54000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8DF85000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8DF87000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DF92000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DFAA000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x8DFB2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8DFB8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8DFC1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DFD0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A7B5000 \SystemRoot\system32\DRIVERS\storport.sys
0x8ABF3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A9E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x82BD8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x80794000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82BE3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807B7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807CB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x807E0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805B9000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E20A000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x8E245000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E24F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E25C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E291000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E2A2000 \SystemRoot\system32\drivers\RtHDMIV.sys
0x8E2C6000 \SystemRoot\system32\drivers\portcls.sys
0x8E2F3000 \SystemRoot\system32\drivers\drmk.sys
0x90C04000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90E3E000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x90F64000 \SystemRoot\system32\drivers\modem.sys
0x90F71000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90F7A000 \SystemRoot\System32\Drivers\Null.SYS
0x90F81000 \SystemRoot\System32\Drivers\Beep.SYS
0x90F88000 \SystemRoot\System32\drivers\vga.sys
0x90F94000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90FB5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90FBD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90FC5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90FD0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90FDE000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90FE7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E318000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E32C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E35E000 \SystemRoot\system32\drivers\afd.sys
0x8E3A6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E3BC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E3CA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E3DD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9120F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9124B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91255000 \SystemRoot\System32\Drivers\dfsc.sys
0x9126C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91292000 \SystemRoot\System32\Drivers\fastfat.SYS
0x912BA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x912C7000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x913A2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x913B9000 \SystemRoot\System32\Drivers\usbvideo.sys
0x94640000 \SystemRoot\System32\win32k.sys
0x913DA000 \SystemRoot\System32\drivers\Dxapi.sys
0x913E4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94860000 \SystemRoot\System32\TSDDD.dll
0x94880000 \SystemRoot\System32\cdd.dll
0x8E3E3000 \SystemRoot\system32\drivers\luafv.sys
0x8A90C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8A921000 \SystemRoot\system32\drivers\spsys.sys
0x9BE02000 \SystemRoot\system32\DRIVERS\irda.sys
0x9BE20000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9BE30000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9BE5A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9BE64000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9BE77000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9BE8D000 \SystemRoot\system32\drivers\HTTP.sys
0x9BEFA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9BF17000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9BF30000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9BF45000 \SystemRoot\system32\drivers\mrxdav.sys
0x9BF66000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9BF85000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9BFBE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9BFD6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D20E000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D284000 \SystemRoot\system32\drivers\peauth.sys
0x9D362000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D36C000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x9D373000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D37F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9D388000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9D398000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9D39F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9D3A7000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x77090000 \Windows\System32\ntdll.dll

Processes (total 72):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
536 csrss.exe
600 C:\Windows\System32\wininit.exe
612 csrss.exe
644 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\winlogon.exe
860 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\Ati2evxx.exe
1092 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\audiodg.exe
1280 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\SLsvc.exe
1340 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\spoolsv.exe
1764 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1776 C:\Windows\System32\svchost.exe
1804 C:\Windows\System32\Ati2evxx.exe
1976 C:\Windows\System32\agrsmsvc.exe
2008 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2036 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
232 C:\Program Files\Bonjour\mDNSResponder.exe
304 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
540 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
456 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1160 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1508 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1784 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
12 C:\Windows\System32\svchost.exe
868 C:\Users\Florian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2104 C:\Windows\System32\svchost.exe
2144 C:\Windows\System32\svchost.exe
2184 C:\Windows\System32\SearchIndexer.exe
2724 C:\Windows\System32\taskeng.exe
3000 C:\Windows\System32\SearchProtocolHost.exe
3308 C:\Windows\System32\taskeng.exe
3324 C:\Windows\System32\dwm.exe
3396 C:\Windows\explorer.exe
3632 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3660 C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
3680 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3688 C:\Windows\PLFSetI.exe
3744 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3760 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3856 C:\Program Files\Launch Manager\LManager.exe
3864 C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
3892 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
3900 C:\Windows\Samsung\PanelMgr\SSMMgr.exe
3968 C:\Program Files\iTunes\iTunesHelper.exe
3988 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4004 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4028 C:\Program Files\DAEMON Tools Lite\DTLite.exe
4036 C:\Program Files\ICQ7.4\ICQ.exe
2256 C:\Windows\System32\wbem\unsecapp.exe
936 WmiPrvSE.exe
2416 C:\Windows\System32\svchost.exe
1176 C:\Program Files\Mozilla Firefox\firefox.exe
3796 C:\Windows\System32\wbem\unsecapp.exe
2200 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
824 C:\Users\Florian\AppData\Local\temp\RtkBtMnt.exe
836 C:\Program Files\iPod\bin\iPodService.exe
3580 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3568 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4156 C:\Windows\System32\SearchFilterHost.exe
4388 C:\Users\Florian\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 09.05.2011 12:24
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Flodi 10.05.2011 18:53
Hier nun die Logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6547

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10.05.2011 19:41:16
mbam-log-2011-05-10 (19-41-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 318813
Laufzeit: 1 Stunde(n), 19 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 05/10/2011 bei 11:08 AM

Version der Applikation : 4.52.1000

Version der Kern-Datenbank : 7018
Version der Spur-Datenbank : 4830

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:35:04

Gescannte Speicherelemente : 777
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 8503
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 174915
Erfasste Datei-Elemente : 0

cosinus 10.05.2011 18:59
Keine Funde. :daumenhoc
Rechner wieder ok?

Flodi 10.05.2011 19:31
Läuft wieder alles perfekt.
Vielen vielen Dank für die super Unterstützung. Zum Glück musste ich den Rechner nicht platt machen.

Beste Grüße
Flo

cosinus 10.05.2011 20:43
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131